Umbraco CMS
cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*
- 8.14.1
A server-side request forgery (SSRF) vulnerability has been identified in Umbraco CMS version 8.14.1. This vulnerability allows attackers to manipulate baseUrl parameters in various dashboard and help controller endpoints. By crafting malicious requests to specific endpoints, attackers can trigger unauthorized server-side requests to external hosts.
Exploitation lets an attacker make the server issue requests to attacker-chosen external resources, potentially exposing internal services or data.
To reproduce this vulnerability, send a request to one of the affected endpoints, such as 'GetContextHelpForPage', 'GetRemoteDashboardContent', or 'GetRemoteDashboardCss'. Include a crafted baseUrl parameter that points to an external host. The server will then make a request to the specified external host, demonstrating the SSRF vulnerability.
Users are advised to upgrade to Umbraco CMS versions 8.14.2 or later, where this vulnerability has been addressed.
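An added detection example (not from the advisory or from Umbraco) that scans web-server access logs for requests to the three endpoints named above whose baseUrl parameter points at a host other than the site's own; the log format, controller paths and host names in the sample are assumed.

```python
# Added example: flag access-log requests to the affected Umbraco endpoints whose
# baseUrl parameter names a host that is not the CMS itself. Log format, controller
# paths and host names below are assumed; only the action names and the baseUrl
# parameter come from the advisory.
from urllib.parse import urlsplit, parse_qs

# Action names from the advisory; matched on the path suffix because the
# controller prefix may differ between deployments.
AFFECTED_ACTIONS = ("GetContextHelpForPage", "GetRemoteDashboardContent", "GetRemoteDashboardCss")

def suspicious_base_url(request_path, trusted_hosts):
    """Return the untrusted host named by baseUrl if the request targets an
    affected endpoint, otherwise None."""
    parts = urlsplit(request_path)
    if not any(parts.path.endswith(action) for action in AFFECTED_ACTIONS):
        return None
    # parse_qs percent-decodes the values once, so an absolute URL is recoverable.
    for value in parse_qs(parts.query).get("baseUrl", []):
        host = (urlsplit(value).hostname or "").lower()
        # A relative or schemeless value resolves to the site itself; only an
        # absolute URL with a foreign host is an SSRF indicator here.
        if host and host not in trusted_hosts:
            return host
    return None

def scan_log(lines, trusted_hosts):
    """Return [(line_number, host)] for each suspicious request in a log whose
    first quoted field is the request line ('GET /path?... HTTP/1.1')."""
    hits = []
    for number, line in enumerate(lines, 1):
        try:
            path = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # not an access-log line in the expected shape
        host = suspicious_base_url(path, trusted_hosts)
        if host:
            hits.append((number, host))
    return hits

# Constructed sample log lines (not real traffic); the first and third are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /umbraco/backoffice/UmbracoApi/Help/GetContextHelpForPage?section=content&baseUrl=https%3A%2F%2Fcms.example.internal HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent?section=content&baseUrl=https%3A%2F%2Fattacker-controlled.example HTTP/1.1" 200 128',
    '10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss?section=content&baseUrl=%2Flocal%2Fpath HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, host in scan_log(SAMPLE_LOG, {"cms.example.internal"}):
        print(f"line {number}: baseUrl points at untrusted host {host}")
```

A hit on an unpatched 8.14.1 instance is worth correlating with outbound connections from the web server to the flagged host.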