| 제목 | 1Panel-dev CordysCRM 1.4.1 Server-Side Request Forgery |
|---|
| 설명 | The IntegrationConfigService component in CordysCRM v1.4.1 contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability stems from the getSqlBotSrc() method extracting URLs from the appSecret parameter using regex pattern without proper validation. Extracted URLs are directly used to create HTTP connections via URI.create(jsUrl).toURL().openConnection() in the /organization/settings/third-party/edit endpoint. No whitelist validation, protocol restriction, or internal IP blocking is applied. Attackers can inject malicious URLs via the appSecret parameter (e.g., appSecret": "src="<http://malicious\\>"").
|
|---|
| 원천 | ⚠️ https://github.com/1Panel-dev/CordysCRM/issues/2687 |
|---|
| 사용자 | liushaozhe (UID 83234) |
|---|
| 제출 | 2026. 06. 13. PM 07:39 (1 월 ago) |
|---|
| 모더레이션 | 2026. 07. 18. PM 02:11 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 380045 [1Panel-dev CordysCRM 까지 1.4.1 Third Party Edit Endpoint IntegrationConfigService.java getSqlBotSrc appSecret 권한 상승] |
|---|
| 포인트들 | 20 |
|---|