MaxKB SSRF Vulnerability in Workflow Template Import Prior to Version 2.9.1

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in MaxKB, an open-source AI assistant for enterprise, in versions prior to 2.9.1. The issue arises in the workflow template import feature, where authenticated users can submit arbitrary URLs through the 'work_flow_template.downloadUrl' field. The server fetches these URLs without any URL validation or internal IP filtering, so requests can be directed at private IP ranges and cloud metadata endpoints.

Impact

Exploitation of this vulnerability allows server-side request forgery: an authenticated user can make the server fetch external or internal resources on their behalf. This could be used for internal network reconnaissance or to read sensitive data from cloud metadata endpoints.

Reproduction

To reproduce this vulnerability, an authenticated user can create or update an application and set the 'work_flow_template.downloadUrl' to a URL that points to an internal network address or a cloud metadata endpoint. The server will fetch the URL without any validation, and the response can be parsed to extract internal information.

Remediation

Users are advised to update to MaxKB version 2.9.1 or later, where this vulnerability has been fixed.
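The root cause described above is a download URL that is fetched with no scheme, host or address checks. The following is an added example of the kind of validation that closes that gap; it is not MaxKB's code, and the function names, the blocked-network list and the lookup table standing in for DNS are all assumptions made for illustration. It rejects non-HTTP schemes, URLs with embedded credentials, and any host that is a literal or resolves to a loopback, private, link-local, reserved or cloud-metadata address, including IPv4-mapped IPv6 forms and names that resolve to a mix of public and private records.

```python
"""Defensive validation of a user-supplied download URL before a server-side fetch.

Added example of an SSRF mitigation; not MaxKB's own code. Names are hypothetical.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Explicit deny list for well-known cloud metadata addresses. Most of these are
# already non-global per `ipaddress`, but listing them documents intent and
# does not depend on how a given Python version classifies special ranges.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.169.254/32"),  # IMDS used by several clouds (IPv4)
    ipaddress.ip_network("fd00:ec2::254/128"),   # AWS IMDS (IPv6)
    ipaddress.ip_network("100.100.100.200/32"),  # Alibaba Cloud metadata
]


def is_public_address(ip):
    """True only for a globally routable unicast address outside the deny list."""
    addr = ipaddress.ip_address(ip)
    # An IPv4 address wrapped as ::ffff:a.b.c.d must be judged as the IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not addr.is_global:  # covers private, loopback, link-local, reserved, unspecified
        return False
    return not any(addr in net for net in BLOCKED_NETWORKS)


def resolve_host(hostname):
    """Return every A/AAAA record for a name; all of them are checked, not just the first."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def validate_download_url(url, resolver=resolve_host):
    """Raise ValueError if the URL must not be fetched; otherwise return the vetted addresses."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname  # brackets around IPv6 literals are already stripped here
    if not host:
        raise ValueError("URL has no host")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP: no DNS lookup needed
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise ValueError(f"{host!r} did not resolve")
    for ip in addresses:
        if not is_public_address(ip):
            raise ValueError(f"{host!r} resolves to non-public address {ip}")
    return addresses


# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "templates.example.com": ["93.184.216.34"],
    "mixed.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one private record
    "localtest.example.com": ["127.0.0.1"],
}


def fake_resolver(hostname):
    return FAKE_DNS.get(hostname, [])


def check(url, resolver=fake_resolver):
    """Return (allowed, detail) so a caller can log why a URL was refused."""
    try:
        ips = validate_download_url(url, resolver)
    except ValueError as exc:
        return False, str(exc)
    return True, ",".join(ips)


if __name__ == "__main__":
    for candidate in (
        "https://templates.example.com/flow.json",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:10.0.0.1]/",
        "http://mixed.example.com/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", check(candidate))
```

Two points matter when wiring a check like this into a real fetch. First, validating and then handing the hostname to an HTTP client is a time-of-check/time-of-use gap: the client resolves the name again, so the connection should be pinned to the vetted address (or the name resolved once and re-checked on connect). Second, redirects must either be disabled or re-validated per hop, since an allowed public host can redirect to an internal one.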

Added: May 26, 2026, 9:43 PM
Updated: May 26, 2026, 9:43 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.