Twenty CRM Server-Side Request Forgery Vulnerability via IPv4-Mapped IPv6 Addresses
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in Twenty CRM versions through 1.18.0. The issue arises in the SecureHttpClientService, where SSRF protection can be bypassed by using IPv4-mapped IPv6 addresses as the IP literal in a URL. Node.js's URL parser normalizes these addresses to a compressed hex form, which the isPrivateIp utility does not recognize because it only accepts dotted-decimal notation; the hex form therefore evades the SSRF checks. Furthermore, the socket lookup validation does not run for IP literal addresses, so that second layer of validation is skipped as well. An authenticated user can exploit this vulnerability to access internal IPs, including cloud metadata endpoints, and exfiltrate sensitive credentials such as IAM keys.
Impact
Exploitation of this vulnerability allows authenticated users to bypass SSRF protections and access internal network services or the server's loopback interface. This could lead to unauthorized access to cloud metadata services, where sensitive information like IAM credentials can be retrieved, potentially compromising the entire cloud account.
Reproduction
To reproduce this vulnerability, an authenticated user must send a request to the AI agent's HTTP tool, using a URL that includes an IPv4-mapped IPv6 address pointing to a cloud metadata endpoint. The request will bypass SSRF protections and return sensitive IAM role information, which can be followed up with another request to retrieve access keys and tokens.
Remediation
The isPrivateIp utility should be updated to recognize IPv4-mapped IPv6 addresses in their hex form. Alternatively, a normalization step could be added to convert hex IPv4-mapped addresses to dotted-decimal before performing the private IP checks.
