Vulnerabilities
Server-side request forgery in webhook fetch
Severity: high | Status: open
Description
A user-supplied URL is fetched without validation, letting an attacker reach internal services such as the cloud metadata endpoint.
Affected code
services/connector/fetch.go:18
resp, _ := http.Get(userProvidedURL) // user-controlled URL fetched with no validation (the SSRF sink); the error is also discarded
AI analysis
Root cause. A user-supplied URL is fetched without validation, letting an attacker reach internal services (e.g. cloud metadata at 169.254.169.254).
Recommended fix. Validate the URL against an allowlist and block private/link-local ranges before fetching, preventing SSRF to internal endpoints.
Details
- Severity: high
- CVSS: 8.2
- CVE: —
- CWE: CWE-918
- File: services/connector/fetch.go
- Status: open