A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This manipulation of the argument address causes server-side request forgery.
The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.7.0 is capable of addressing this issue.
You should upgrade the affected component. The vendor was contacted early about this disclosure.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption
CVSS Vector v4.0
Weakness Type (CWE)
References 5
https://github.com/dataease/SQLBot/releases/tag/v1.7.0
cna@vuldb.com
https://vuldb.com/submit/756043
cna@vuldb.com
https://vuldb.com/vuln/354854
cna@vuldb.com
https://vuldb.com/vuln/354854/cti
cna@vuldb.com
https://www.notion.so/SQLbot-SSRF-in-Elasticsearch-Unvalidated-Requests-2afea92…
cna@vuldb.com