Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client

Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass private IP blocking by redirecting through an attacker-controlled server. This issue has been patched in version 1.18.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

服务端请求伪造(SSRF)

Twenty CRM 代码问题漏洞

Twenty CRM是Twenty开源的一个客户关系管理系统。 Twenty CRM 1.18之前版本存在代码问题漏洞，该漏洞源于SSRF保护未验证重定向目标，可能导致经过身份验证的用户通过攻击者控制的服务器重定向来绕过私有IP阻止。

N/A

N/A