Submission #781771: Casdoor v2.356.0 Server-Side Request Forgery

Title: Casdoor v2.356.0 Server-Side Request Forgery

Description: Webhook SSRF (Server-Side Request Forgery)

**Evidence:**

```go
req, err := http.NewRequest(webhook.Method, webhook.Url, body)
// ...
resp, err := client.Do(req)
// No URL validation, no internal network blocking
```

Admin-configured webhook URLs are fetched without any restriction on target address. No SSRF protections are in place.

**Attack scenario:** An attacker who gains org-admin access configures a webhook URL pointing to `http://x.x.x.x/latest/meta-data/` (AWS metadata endpoint) or internal services, exfiltrating cloud credentials or scanning internal infrastructure.

**Fix:** Validate webhook URLs against a denylist of private/reserved IP ranges. Use a dedicated HTTP client that resolves DNS and blocks connections to internal addresses.

---
User: Ghufran Khan (UID 95493)
Submission: 17/03/2026 14h25 (20 days ago)
Moderation: 03/04/2026 09h26 (17 days later)
Status: Accepted
VulDB Entry: 355073 [Casdoor 2.356.0 Webhook URL Privilege Escalation]
Points: 17
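The mitigation the submission's Fix section calls for, written out as an added Go example (not Casdoor's code and not the submitter's): a save-time URL check plus a dedicated HTTP client whose dialer inspects the resolved IP before connecting, so a hostname that resolves to an internal address is refused as well as a literal one. Function names, timeouts and the choice to refuse redirects are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Off-limits: loopback, private, link-local (includes 169.254.169.254 metadata), multicast, unspecified.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsMulticast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() || ip.IsUnspecified()
}

// Dialer hook that runs after DNS resolution and before connect: it checks the
// IP actually being dialed, so a hostname resolving to an internal IP is caught.
func safeDialControl(network, address string, _ syscall.RawConn) error {
	host, _, err := net.SplitHostPort(address)
	if ip := net.ParseIP(host); err != nil || ip == nil || isDisallowedIP(ip) {
		return fmt.Errorf("webhook: dial to %s refused by SSRF policy", address)
	}
	return nil
}

// Cheap check when the webhook is saved: http(s) only, no internal literal IPs.
// Hostnames are deliberately left to the dial-time check above.
func validateWebhookURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return fmt.Errorf("webhook: %q is not an http(s) URL", raw)
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil && isDisallowedIP(ip) {
		return fmt.Errorf("webhook: %s is an internal address", u.Hostname())
	}
	return nil
}

// Dedicated client for webhook delivery: the dial-time policy plus no redirect
// following, so a public host cannot 302 the server onto an internal one.
func newWebhookClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: safeDialControl}
	return &http.Client{
		Timeout:       15 * time.Second,
		Transport:     &http.Transport{DialContext: d.DialContext},
		CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse },
	}
}
```

Use `newWebhookClient()` in place of the default client for the `client.Do(req)` call shown in the evidence; the `Control` hook is applied to every dial, including any the transport makes for keep-alive reconnects.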
