MindsDB Server-Side Request Forgery Vulnerability in File Upload Component

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in MindsDB versions through 25.14.1. The flaw is in the file upload functionality, specifically the 'clear_filename' function in 'mindsdb/utilities/security.py'. The URL validation applied to upload sources relies on a blacklist that can be bypassed with a crafted URL, so an attacker can make the MindsDB server issue requests to internal network destinations the blacklist was meant to block, potentially leading to information disclosure or access to restricted internal services.

Impact

A successful exploit turns the MindsDB server into a request proxy: it issues requests to destinations on its loopback interface or internal network that the URL blacklist is meant to block, and the attacker may obtain the response. Depending on what is reachable from the server, this can expose internal services or data that are not otherwise accessible to the attacker.

Reproduction

To reproduce, upload a file through the MindsDB interface whose source is a crafted URL. The URL carries a userinfo segment (the 'user:password@' part that precedes the host) so that a blacklist check operating on the raw URL text sees an allowed-looking value, while the host an HTTP client actually connects to is an internal address; a URL of the form http://allowed.example.com@127.0.0.1/ (illustrative, not a value taken from the advisory) is the classic shape. Because the validation accepts it, the server fetches the URL and the request reaches the internal destination, demonstrating the SSRF.

Remediation

Users are advised to update to the patched MindsDB release, which is available from the official MindsDB GitHub repository. Until the update is applied, restrict outbound network access from the MindsDB host to loopback, link-local and private address ranges, and treat upload-by-URL as an untrusted input path.

Added: Feb 16, 2026, 4:31 AM
Updated: Feb 16, 2026, 4:31 AM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 0.4
exploitability: 6.0
remediation: 7.7
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.