Jellyfin RemoteImageController.cs SSRF Vulnerability CVE-2021-29490
Vulnerability Description
There is an SSRF vulnerability in the Jellyfin RemoteImageController.cs file. By constructing a special request, an attacker can probe intranet information through the server.
Vulnerability Impact
Jellyfin < 10.7.2
Network mapping query
app="Jellyfin"
Vulnerability reproduction
Locate the modified file in the official update.
The official fix removed the following method:
// Removed by the fix: built the Images/Remote?imageUrl=... URL that the server fetched on the client's behalf
function getDisplayUrl(url, apiClient) {
    return apiClient.getUrl('Images/Remote', { imageUrl: url });
}
Download the source code of the vulnerable version and find the corresponding files of the interface.
Jellyfin.Api/Controllers/RemoteImageController.cs
The controller receives the imageUrl parameter, and the code that follows fetches it server-side, which is where the SSRF vulnerability lies.
Construct request POC
/Images/Remote?imageUrl=https://www.baidu.com
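As an added example (not from the original post or from Jellyfin's code base), the following Python script scans web-server access-log lines for requests to the vulnerable endpoint and flags imageUrl values that point at loopback, private, link-local or metadata addresses, which is what intranet probing through this SSRF looks like in logs. The Common-Log-Format layout and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Assumed access-log layout (Common Log Format); adjust the regex for other formats.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
LOCAL_HOSTNAMES = {"localhost", "localhost.localdomain", "metadata.google.internal"}

# Constructed sample lines: one benign external fetch, three internal probes, one unrelated hit.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2021:12:00:01 +0000] "GET /Images/Remote?imageUrl=https%3A%2F%2Fwww.baidu.com HTTP/1.1" 200 5123
203.0.113.5 - - [10/May/2021:12:00:02 +0000] "GET /Images/Remote?imageUrl=http%3A%2F%2F127.0.0.1%3A8096%2F HTTP/1.1" 200 812
203.0.113.5 - - [10/May/2021:12:00:03 +0000] "GET /Images/Remote?imageUrl=http%3A%2F%2F169.254.169.254%2F HTTP/1.1" 200 240
203.0.113.5 - - [10/May/2021:12:00:04 +0000] "GET /Images/Remote?imageUrl=http%3A%2F%2F10.0.0.7%3A22%2F HTTP/1.1" 502 0
198.51.100.9 - - [10/May/2021:12:00:05 +0000] "GET /web/index.html HTTP/1.1" 200 1200
""".splitlines()


def target_is_internal(image_url: str) -> bool:
    """True if imageUrl names a destination an outside client should never reach via the server."""
    parsed = urlparse(image_url)
    host = (parsed.hostname or "").lower()  # urlparse strips IPv6 brackets and lowercases
    if not host or parsed.scheme not in ("http", "https"):
        return True  # file://, gopher://, empty host etc. are never legitimate remote images
    if host in LOCAL_HOSTNAMES or host.endswith((".internal", ".local")):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # public-looking hostname; DNS resolution/rebinding checks are out of scope here
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def find_remote_image_requests(lines):
    """Return one record per imageUrl seen on a /Images/Remote request, with an internal flag."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("path"))
        if not url.path.lower().endswith("/images/remote"):
            continue
        for image_url in parse_qs(url.query).get("imageUrl", []):  # parse_qs URL-decodes values
            hits.append({"src": m.group("src"), "status": int(m.group("status")),
                         "imageUrl": image_url, "internal": target_is_internal(image_url)})
    return hits


def summarize(hits):
    """Count internal-target probes per source IP; several from one client is a strong scan signal."""
    counts = {}
    for h in hits:
        if h["internal"]:
            counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts
```

Hostnames that resolve to internal addresses are not caught by this string-level check; a server-side fix must resolve the name and validate the resulting IP before connecting.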
This post is licensed under CC BY 4.0 by the author.