MaxKB Server-Side Request Forgery Vulnerability in OSS URL Fetch Functionality

A server-side request forgery (SSRF) vulnerability has been identified in MaxKB versions through 2.8.0. This vulnerability allows attackers to bypass private IP address restrictions and access internal network services. The issue arises in the OSS file service URL fetch functionality, specifically at the '/chat/api/oss/get_url' endpoint. The vulnerability is due to inconsistent DNS resolution between the validation phase and the actual request execution. During validation, the application checks for private IP addresses using a DNS lookup, but the subsequent request performs a separate DNS resolution, creating an opportunity for DNS rebinding attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal network services, potentially allowing attackers to interact with or manipulate those services.

Remediation

Users are advised to update MaxKB to version 2.8.1, which addresses the vulnerability by synchronizing the DNS resolution process. Alternatively, the official fix commit can be applied.