Tencent Blueking CMDB Vulnerability: SSRF via Event Subscription Function
CVE-2024-22873

Currently unrated

Key Information:

Vendor: Tencent
Status: Blueking Cmdb
Vendor: CVE Published:; 26 February 2024

What is CVE-2024-22873?

Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request.

References

http://tencent.com

http://blueking.com

https://sphenoid-enquiry-9be.notion.site/BK-CMDB-SSRF-ba2...

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Jan 11, 2024