Submit #710170: YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery

Title: YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery
Description: YuDao Cloud is a microservices architecture enterprise-level backend framework. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in the BPM (Business Process Management) HTTP triggers functionality that allows authenticated users with BPM process design permissions to make arbitrary HTTP requests from the server, potentially exposing internal network resources.
Source: ⚠️ https://github.com/AnalogyC0de/public_exp/blob/main/archives/yudao-cloud-bpm_SSRF/report.md
User: Ana10gy (UID 93358)
Submission: 09/12/2025 11:33 (6 months ago)
Moderation: 25/12/2025 17:08 (16 days later)
Status: Accepted
VulDB entry: 338429 [YunaiV yudao-cloud up to 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body privilege escalation]
Points: 19
