Security vulnerability: Server-Side Request Forgery (SSRF)

Bug #1992834 reported by Sang Tran
Affects: Mistral
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (not set)

Bug Description

Hi team,

I've just found a vulnerability in Mistral.

Environment:
OpenStack version: Yoga.

Steps to reproduce:
1. Go to mistral-dashboard
Workflow > Workbooks > Create Workbook > Direct Input
Workflow > Workflows > Create Workflows > Direct Input
Workflow > Actions > Create Action > Direct Input
2. Input string: an internal URL that can only be accessed in a safe way, such as via VPN or from a private zone
3. Enter Validation, and Mistral will make the request to that URL and send back the response from the internal system (I have also attached the evidence from my test site).

With this risk, attackers can bypass the firewall to make many requests to scan the operator's internal system. If the internal app is not secure, system hijacking is inevitable.
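
One defensive check of the kind that closes this class of bug, as an added example (not Mistral's code): before a validation endpoint fetches a URL taken from direct input, resolve it and refuse any address that is not globally routable. The `resolve` parameter is a hypothetical hook, assumed here so the check can be exercised without live DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Only plain web fetches are expected from a workbook/workflow validator.
ALLOWED_SCHEMES = {"http", "https"}


def _default_resolve(host):
    """Resolve a hostname to the set of IP address strings it maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_fetch_target(url, resolve=_default_resolve):
    """Return True only if every address behind the URL is globally routable.

    Refuses non-HTTP(S) schemes, URLs without a host, unresolvable names and
    any loopback, private (RFC 1918), link-local, multicast or reserved
    address. A name resolving to a mix of public and internal addresses is
    refused as a whole. `resolve` is a hypothetical hook (assumed here, not a
    library API) so the check can run without DNS.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname
    try:
        candidates = {str(ipaddress.ip_address(host))}  # literal IP in the URL
    except ValueError:
        try:
            candidates = set(resolve(host))  # hostname: ask the resolver
        except (socket.gaierror, OSError):
            return False
    if not candidates:
        return False
    for addr in candidates:
        ip = ipaddress.ip_address(addr)
        # IPv4-mapped IPv6 (::ffff:10.0.0.1) must be judged as its IPv4 form.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if not ip.is_global:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs of the "direct input" kind the report describes.
    for sample in ("http://10.0.0.5/admin", "http://[::1]:8080/", "https://8.8.8.8/"):
        print(sample, "->", "allowed" if is_safe_fetch_target(sample) else "refused")
```

Because resolution and the later fetch are separate steps, a name whose answer changes between them (DNS rebinding) still needs the connection-time address re-checked; an allowlist of permitted hosts is stronger than this denylist.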

Sang Tran (sangtq8): information type changed from Private Security to Public Security.