Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
Vulnerability Description
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith() URL prefix matching flaw in the credential provider (ManagedWebAccessUtils.getServer()), an attacker can steal authentication tokens (Bearer, Basic, API keys) configured for legitimate FHIR servers by registering a domain that prefix-matches a configured server URL. This issue has been patched in version 6.9.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
HAPI FHIR 安全漏洞
Vulnerability Description
HAPI FHIR是HAPI FHIR开源的一个Java编写的 HL7 FHIR API。 HAPI FHIR 6.9.4之前版本存在安全漏洞,该漏洞源于FHIR Validator HTTP服务暴露了未经身份验证的/loadIG端点,且凭证提供程序存在URL前缀匹配缺陷,可能导致身份验证令牌被盗。
CVSS Information
N/A
Vulnerability Type
N/A