제출 #858043: 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery정보

제목1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery
설명The IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the lack of input validation on the mkAddress parameter in the /organization/settings/third-party/edit endpoint when processing MAXKB configuration requests. The parameter is directly concatenated into a URL and used to make HTTP requests without whitelist validation, protocol restriction, or internal IP blocking. Attackers can craft malicious mkAddress values to force the server to make requests to arbitrary external addresses, potentially leading to internal network reconnaissance or data leakage.
원천⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2685
사용자
 liushaozhe (UID 83234)
제출2026. 06. 13. PM 07:36 (1 월 ago)
모더레이션2026. 07. 18. PM 02:11 (1 month later)
상태수락
VulDB 항목380044 [1Panel-dev CordysCRM 까지 1.4.1 Third Party Endpoint TokenService.java mkAddress 권한 상승]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!