Submit #692069: orionsec (project owner of Orion-ops) Orion-ops (server component) <= master commit 5925824997a3109651bbde07460958a7be249ed1 Server-Side Request Forgery (SSRF)

Title: orionsec (project owner of Orion-ops) Orion-ops (server component) <= master commit 5925824997a3109651bbde07460958a7be249ed1 Server-Side Request Forgery (SSRF)
Description: The Orion-ops machine connectivity test endpoints accept arbitrary destinations from any authenticated account. Because MachineInfoServiceImpl uses those parameters to initiate SSH connections without validation, an attacker can coerce the management server into connecting to internal hosts and learn whether the ports are reachable, effectively providing an SSRF primitive.
Source: https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md
User: sh7err04 (UID 92493)
Submission: 11/10/2025 12:30 (7 months ago)
Moderation: 11/30/2025 15:25 (20 days later)
Status: Accepted
VulDB entry: 333819 [orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1 SSH Connection MachineInfoController.java host/sshPort/username/password/authType server-side request forgery]
Points: 18
