Vulnerability Information
Vulnerability Title
Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block
Vulnerability Description
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 protection through custom header injection, attackers can extract temporary AWS IAM credentials for the EKS node role, leading to complete compromise of the Kubernetes cluster and associated AWS infrastructure. Version 3.13.1 fixes the issue.
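As an added example (not code from the Typebot project), the following TypeScript destination-and-header policy for a server-side HTTP request block implements the two mitigations the description points to: refusing link-local, loopback and private destinations, which include the IMDS endpoint, and stripping caller-supplied IMDSv2 token headers so a user-configured request cannot satisfy the token check. The identifiers `checkWebhookRequest`, `WebhookRequest` and `Verdict` are hypothetical.

```typescript
// Added example, not Typebot's code: a destination and header policy for a server-side
// "HTTP request" block, covering the two things the advisory describes, reaching the
// instance-metadata service and passing caller-chosen headers that satisfy IMDSv2. Names are hypothetical.
const METADATA_HEADERS = [
  "x-aws-ec2-metadata-token",             // presents an IMDSv2 session token
  "x-aws-ec2-metadata-token-ttl-seconds", // requests a new IMDSv2 token
];
// IPv4 ranges a user-configured webhook must never reach (CIDR base, prefix length).
const BLOCKED_V4: Array<[string, number]> = [
  ["169.254.0.0", 16],                                      // link-local, includes IMDS 169.254.169.254
  ["127.0.0.0", 8], ["0.0.0.0", 8],                         // loopback, "this" network
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], // RFC 1918
];

function v4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return null;
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}

function inBlockedV4(ip: string): boolean {
  const n = v4ToInt(ip);
  if (n === null) return false; // not an IPv4 literal
  return BLOCKED_V4.some(([base, bits]) =>
    Math.floor(n / 2 ** (32 - bits)) === Math.floor((v4ToInt(base) as number) / 2 ** (32 - bits)));
}

function isBlockedV6(host: string): boolean {
  const h = host.slice(1, -1).toLowerCase(); // URL.hostname keeps the brackets
  // loopback/unspecified, IPv4-mapped (rejected outright rather than decoded), unique-local (IMDS fd00:ec2::254), link-local
  return h === "::1" || h === "::" || /^::ffff:/.test(h) || /^f[cd]/.test(h) || /^fe[89ab]/.test(h);
}
export interface WebhookRequest { url: string; headers: Record<string, string> }
export type Verdict = { ok: true; headers: Record<string, string> } | { ok: false; reason: string };

export function checkWebhookRequest(req: WebhookRequest): Verdict {
  const u = ((): URL | null => { try { return new URL(req.url); } catch { return null; } })();
  if (!u) return { ok: false, reason: "unparseable URL" };
  if (u.protocol !== "http:" && u.protocol !== "https:") return { ok: false, reason: "scheme " + u.protocol + " not allowed" };
  // WHATWG parsing normalises decimal/octal/hex IPv4 spellings (http://2852039166/ -> 169.254.169.254),
  // so the check runs on the normalised hostname. DNS names must also be resolved and re-checked at connect time.
  if (u.hostname === "localhost" || inBlockedV4(u.hostname) || (u.hostname.charAt(0) === "[" && isBlockedV6(u.hostname)))
    return { ok: false, reason: "destination " + u.hostname + " is not allowed" };
  const headers: Record<string, string> = {};
  for (const k of Object.keys(req.headers)) {
    if (METADATA_HEADERS.indexOf(k.toLowerCase()) < 0) headers[k] = req.headers[k]; // drop IMDSv2 headers, keep the rest
  }
  return { ok: true, headers };
}
```

The literal-address check is only the first gate: the connecting client should resolve DNS names itself and apply the same range test to every resolved address, otherwise a hostname pointing at a blocked range slips through.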
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Typebot Code Issue Vulnerability
Vulnerability Description
Typebot is an open-source chatbot builder by the individual developer Baptiste Arnaud. Typebot versions prior to 3.13.1 contain a code issue vulnerability: a server-side request forgery in the Typebot webhook block functionality that may lead to the extraction of AWS IAM credentials and a complete takeover of the Kubernetes cluster.
CVSS Information
N/A
Vulnerability Type
N/A