
CVE-2020-21122: Server-Side Request Forgery in UReport

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.45505%
Published: 9/20/2021
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name: com.bstek.ureport:ureport2-console
Ecosystem: maven
Vulnerable Versions: <= 2.2.9
First Patched Version: not listed

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability manifests in the designer page's connection handling functionality. The description explicitly mentions unauthorized SSRF through intranet port detection, which typically occurs when:

1) User-controlled input (host/port) is used to initiate network connections
2) No authentication checks protect the endpoint
3) No allowlist validation restricts target destinations

The database connection failure response pattern mentioned in the GitHub issue suggests the vulnerable function is related to database connection testing features in the designer interface. While exact method names aren't provided, UReport's architecture would logically place this functionality in the DesignerController class handling designer page requests.
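As an added illustration, not UReport's code and not part of the Miggo analysis, the following hypothetical Java class contrasts the pattern the analysis describes (a connection-test handler that opens a socket to a caller-supplied host and port with no authentication and no allowlist, and whose error message differs between refused and unreachable targets) with a hardened form that checks the caller's role, restricts the destination to administrator-registered data sources, and returns a uniform failure message so the response no longer reveals whether an intranet port is open. All class, method and host names, and the registered data source, are assumptions constructed for the example.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Map;
import java.util.Set;

/**
 * Hypothetical connection-test endpoint illustrating the SSRF pattern described
 * in the root cause analysis and one way to close it. Not UReport code.
 */
public class ConnectionTestExample {

    /** Minimal stand-in for the authenticated principal (assumption). */
    public record Caller(String name, boolean designerAdmin) {}

    private static final int CONNECT_TIMEOUT_MS = 2000;

    /**
     * Vulnerable shape: the host and port come straight from the request, nobody
     * checks who is calling, and the exception text is echoed back. "Connection
     * refused" versus a timeout tells the caller whether an intranet port is open.
     */
    static String testConnectionVulnerable(String host, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), CONNECT_TIMEOUT_MS);
            return "Connection succeeded";
        } catch (IOException e) {
            return "Connection failed: " + e.getMessage(); // leaks reachability detail
        }
    }

    /**
     * Destinations an administrator has registered as report data sources.
     * Constructed sample data; in a real deployment this comes from configuration.
     */
    static final Map<String, Set<Integer>> REGISTERED_DATASOURCES = Map.of(
            "reports-db.example.internal", Set.of(5432));

    /**
     * Hardened shape: require an authorised caller, accept only a registered
     * host:port pair, log the detail server-side, and answer with a uniform message.
     */
    static String testConnectionHardened(Caller caller, String host, int port) {
        if (caller == null || !caller.designerAdmin()) {
            audit("denied: unauthenticated or unauthorised connection test");
            return "Forbidden";
        }
        Set<Integer> ports = REGISTERED_DATASOURCES.get(host);
        if (ports == null || !ports.contains(port)) {
            audit("denied: " + host + ":" + port + " is not a registered data source"
                    + " (caller " + caller.name() + ")");
            return "Connection test not permitted";
        }
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), CONNECT_TIMEOUT_MS);
            return "Connection succeeded";
        } catch (IOException e) {
            // Detail stays in the server log; the client sees the same text for
            // refused, filtered and unreachable, so the test cannot be used as a port scanner.
            audit("connect failure to registered data source " + host + ":" + port
                    + ": " + e.getMessage());
            return "Connection failed";
        }
    }

    /** Stand-in for the application's audit logger (assumption). */
    private static void audit(String message) {
        System.err.println("[audit] " + message);
    }

    public static void main(String[] args) {
        Caller anonymous = null;
        Caller admin = new Caller("alice", true);
        // Unauthenticated caller is stopped before any socket is opened.
        System.out.println(testConnectionHardened(anonymous, "10.0.0.5", 22));
        // Admin may only test destinations that are registered data sources.
        System.out.println(testConnectionHardened(admin, "10.0.0.5", 22));
        System.out.println(testConnectionHardened(admin, "reports-db.example.internal", 5432));
    }
}
```

The allowlist on the host:port pair is the control that matters most: it removes the attacker's choice of destination entirely, while the role check and the uniform error message close the remaining unauthenticated and information-leak angles the analysis lists.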


WAF Protection Rules

WAF Rule

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
