漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WeKan < 8.35 SSRF via Webhook URL
Vulnerability Description
WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the url schema field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network addresses, causing the server to issue HTTP POST requests to attacker-controlled internal targets with full board event payloads, and can additionally exploit response handling to overwrite arbitrary comment text without authorization checks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
WeKan 代码问题漏洞
Vulnerability Description
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.35之前版本存在代码问题漏洞,该漏洞源于webhook集成URL处理中url模式字段接受任何字符串且无协议限制或目标验证,可能导致服务器端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A