Submeter #768044: Bytedesk <=1.3.9 SSRFinformação

TítuloBytedesk <=1.3.9 SSRF
DescriçãoThe endpoint GET /gitee/api/v1/models passes a user-supplied apiUrl parameter directly to RestTemplate.exchange() without any URL validation or allowlist. The server issues an HTTP request to the attacker-controlled URL. DNS callback logs confirm the server-side request originating from the target, enabling SSRF attacks including internal network probing, cloud IMDS access, and potential credential exfiltration.
Fonte⚠️ https://github.com/Bytedesk/bytedesk/issues/21
Utilizador
 ZAST.AI (UID 87884)
Submissão26/02/2026 07h19 (há 1 mês)
Moderação08/03/2026 08h20 (10 days later)
EstadoAceite
Entrada VulDB349756 [Bytedesk até 1.3.9 SpringAIGiteeRestController SpringAIGiteeRestService.java getModels apiUrl Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!