| Title | AutohomeCorp frostmourne frostmourne <= 1.0 Server-Side Request Forgery |
|---|---|
| Description | Frostmourne contains a Server-Side Request Forgery (SSRF) vulnerability in the alarm preview functionality. The /alarm/previewData endpoint allows authenticated users to trigger arbitrary HTTP/HTTPS requests from the server without any URL validation and returns the HTTP response directly to the user, enabling attackers to access internal network resources, cloud metadata endpoints, and perform port scanning. |
| Source | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/GE4GdxBxKoSvBOxhkTRcsawlnhc?from=from_copylink |
| User | xcxr (UID 86629) |
| Submission | 16.03.2026 07:25 (21 days ago) |
| Moderation | 31.03.2026 18:22 (15 days later) |
| Status | Accepted |
| VulDB entry | 354449 [AutohomeCorp frostmourne up to 1.0 Alarm Preview AlarmController.java privilege escalation] |
| Points | 19 |