Submit #710170: YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery

Information

Title: YunaiV YuDao Cloud <=v2025.11 Server-Side Request Forgery
Description: YuDao Cloud is a microservices architecture enterprise-level backend framework. A critical Server-Side Request Forgery (SSRF) vulnerability has been identified in the BPM (Business Process Management) HTTP triggers functionality that allows authenticated users with BPM process design permissions to make arbitrary HTTP requests from the server, potentially exposing internal network resources.
Source: ⚠️ https://github.com/AnalogyC0de/public_exp/blob/main/archives/yudao-cloud-bpm_SSRF/report.md
User: Ana10gy (UID 93358)
Submission: 09.12.2025 11:33 (6 months ago)
Moderation: 25.12.2025 17:08 (16 days later)
Status: accepted
VulDB entry: 338429 [YunaiV yudao-cloud up to 2025.11 Business Process Management BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger url/header/body privilege escalation]
Points: 19
