Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery
Vulnerability Description
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
orion-ops 安全漏洞
Vulnerability Description
orion-ops是李佳航个人开发者的一个一站式自动化运维及自动化部署平台。 orion-ops存在安全漏洞,该漏洞源于文件MachineInfoController.java中参数host/sshPort/username/password/authType的错误操作,可能导致服务端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A