Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. 神龙 strives to ensure the accuracy of its data, but please verify and judge according to your actual situation.
Vulnerability Title
ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise
Vulnerability Description
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there is an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string, not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
ToolJet Server-Side Request Forgery Vulnerability
Vulnerability Description
ToolJet is an open-source, extensible low-code framework for building business applications, developed by the ToolJet company. Versions of ToolJet prior to 3.20.178-lts contain a server-side request forgery vulnerability. The flaw stems from an SSRF in the RestAPI data source component: its private-IP filter checks only the hostname string rather than the resolved IP address, which could allow any authenticated user to steal Azure managed identity tokens.
CVSS Information
N/A
Vulnerability Type
N/A
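Both descriptions above make the same point: a private-IP filter that inspects only the hostname string is bypassed by any DNS name that resolves to a link-local or loopback address. The following Python is an added illustration of the difference between the two checks, not ToolJet's own code; the hostname-string check is a hypothetical reconstruction of the weak pattern, and the DNS records in `FAKE_DNS` are constructed so the example runs offline (a deployment would use `real_resolve`, which calls `socket.getaddrinfo`).

```python
import ipaddress
import socket
from typing import Callable, List

# Constructed stand-in for DNS so the example runs offline.
# These are hypothetical records, not real lookups.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],          # ordinary public address
    "169.254.169.254.nip.io": ["169.254.169.254"],  # wildcard DNS -> IMDS link-local
    "localtest.me": ["127.0.0.1"],                  # public name -> loopback
}


def fake_resolve(host: str) -> List[str]:
    """Offline resolver over the constructed table above."""
    try:
        return FAKE_DNS[host.lower()]
    except KeyError:
        raise socket.gaierror(f"constructed resolver: no record for {host}")


def real_resolve(host: str) -> List[str]:
    """Production resolver: every A/AAAA address the system resolver returns."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_ip(ip: str) -> bool:
    """Reject anything that is not a globally routable unicast address
    (private, loopback, link-local such as 169.254.0.0/16, reserved, etc.)."""
    addr = ipaddress.ip_address(ip)
    return not addr.is_global or addr.is_link_local or addr.is_multicast


def hostname_string_filter(host: str) -> bool:
    """The weak check (hypothetical): only rejects when the hostname string itself
    is a blocked IP literal. Any DNS name passes, whatever it resolves to."""
    try:
        return not is_blocked_ip(host)
    except ValueError:
        return True  # not an IP literal, so the string check lets it through


def resolved_ip_filter(host: str,
                       resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """The corrected check: resolve first, then reject if ANY returned address
    is blocked. Unresolvable or empty answers are rejected too (fail closed)."""
    # IP literals are checked directly; no DNS involved.
    try:
        return not is_blocked_ip(host)
    except ValueError:
        pass
    try:
        ips = resolve(host)
    except socket.gaierror:
        return False
    if not ips:
        return False
    return not any(is_blocked_ip(ip) for ip in ips)


if __name__ == "__main__":
    for name in ["api.example.com", "169.254.169.254.nip.io", "localtest.me"]:
        print(f"{name:26} string-check={hostname_string_filter(name)!s:5} "
              f"resolved-check={resolved_ip_filter(name)}")
```

Two caveats a practitioner should keep in mind even with the corrected check. First, resolving and then letting the HTTP client resolve again opens a DNS-rebinding window; the robust pattern is to connect to the address that passed the check (pinning the socket to that IP and sending the original name in the `Host` header). Second, HTTP redirects must be re-validated with the same resolved-IP check, since a permitted external host can redirect the server to the metadata endpoint.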