Dataease DB2 JDBC Connection String Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in Dataease versions through 2.10.12. The issue arises from the DB2 JDBC connection string, where the ldap parameter is not properly filtered. This oversight allows attackers to exploit the connection string and initiate unauthorized requests from the server. While the vulnerability could lead to remote code execution in certain Java environments, the primary concern here is the exploitation of SSRF.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where an attacker can make the server initiate requests to internal or external resources, potentially leading to further exploitation or information disclosure.

Reproduction

To reproduce this vulnerability, use Dataease Desktop and select DB2 as the OLTP data source. Configure the JDBC connection string to include an unfiltered ldap parameter, such as 'ldap://123.57.23.40:1111'. After sending the request, the server will establish a connection to the specified LDAP server, confirming the successful exploitation of the SSRF vulnerability.
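The root cause the advisory describes is that the DB2 JDBC connection string is passed through with its properties unfiltered. The following added example (not Dataease code, and not the patch shipped in 2.10.13) shows the kind of defensive check a data-source layer can apply before a user-supplied DB2 JDBC URL ever reaches the driver: parse the `jdbc:db2://host:port/database:prop=val;...` form, reject any embedded URL scheme such as `ldap://`, and accept only an allowlist of connection properties. The allowlist contents, the host names and the `attacker.invalid` placeholder are assumptions constructed for the example.

```python
import re

# Constructed allowlist of DB2 JDBC connection properties for this example;
# a real deployment would tune this to the properties it actually uses.
ALLOWED_PROPERTIES = {"user", "password", "currentschema", "sslconnection", "logintimeout"}

# Any "<scheme>://" after the jdbc:db2:// prefix (ldap://, ldaps://, http://, ...)
# means the string is trying to point the driver at a different service.
EMBEDDED_SCHEME_RE = re.compile(r"[a-z][a-z0-9+.-]*://", re.IGNORECASE)

DB2_PREFIX = "jdbc:db2://"


def parse_db2_jdbc_url(url):
    """Split a DB2 type-4 JDBC URL of the form
    jdbc:db2://host[:port]/database[:prop=val;prop=val;...]
    into (host, port, database, {prop: val}). Raises ValueError on malformed input."""
    if not url.lower().startswith(DB2_PREFIX):
        raise ValueError("not a DB2 JDBC URL")
    rest = url[len(DB2_PREFIX):]
    hostport, slash, tail = rest.partition("/")
    if not slash or not tail:
        raise ValueError("missing database name")
    # The database name ends at the first ':'; everything after it is properties.
    database, _, props_part = tail.partition(":")
    host, _, port = hostport.partition(":")
    props = {}
    for item in props_part.split(";"):
        if not item.strip():
            continue
        key, eq, value = item.partition("=")
        if not eq or not key.strip():
            raise ValueError(f"malformed property: {item!r}")
        # Property names are matched case-insensitively on the allowlist.
        props[key.strip().lower()] = value.strip()
    return host, port, database, props


def check_db2_jdbc_url(url):
    """Return (True, 'ok') for an acceptable connection string, otherwise
    (False, reason). Rejects embedded URL schemes such as ldap:// and any
    property not on the allowlist."""
    try:
        host, port, database, props = parse_db2_jdbc_url(url)
    except ValueError as exc:
        return False, str(exc)
    if not host:
        return False, "empty host"
    # Scan the whole remainder, not just property values, so a scheme smuggled
    # into the host or database segment is caught as well.
    if EMBEDDED_SCHEME_RE.search(url[len(DB2_PREFIX):]):
        return False, "embedded URL scheme in connection string"
    for key in props:
        if key not in ALLOWED_PROPERTIES:
            return False, f"property not allowed: {key}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; attacker.invalid is a placeholder, not a real host.
    samples = [
        "jdbc:db2://db.example.test:50000/SAMPLE:user=app;password=secret;",
        "jdbc:db2://db.example.test:50000/SAMPLE:ldap=ldap://attacker.invalid:1111;",
        "jdbc:db2://db.example.test:50000/SAMPLE:traceFile=/tmp/trace.log;",
    ]
    for s in samples:
        print(check_db2_jdbc_url(s), s)
```

The check is deliberately an allowlist rather than a denylist of `ldap`: the driver accepts many properties, and denying one name at a time leaves the next unexpected property unfiltered. Rejecting any embedded scheme is a second, independent guard for the specific SSRF pattern in this advisory.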

Remediation

Users are advised to upgrade to Dataease version 2.10.13 or later, where this vulnerability has been fixed.

Added: Sep 15, 2025, 7:25 PM
Updated: Sep 15, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.