CVE-2021-44139
Published 2022-03-23
CVE-2021-44139: Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
Priority: P3 (55) · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: EPSS 6.49% (92.9th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | sentinel | — | — |
Detection & IOCs (extracted from sources)
Nuclei request path: `/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0`
- SSRF trigger: HTTP GET to /registry/machine with the `ip` parameter set to an attacker-controlled out-of-band (OOB/interactsh) URL; confirm exploitation by observing a DNS interaction back to the callback host.
- Confirm successful SSRF exploitation by matching both `"success":true` and `"msg":"success"` in the JSON response body, alongside `application/json` in the response header.
- Hunt for exposed Sentinel Dashboard instances using Shodan query `title:"Sentinel Dashboard"` or FOFA query `title="sentinel dashboard"` as initial reconnaissance targets.
- The vulnerability is pre-authentication (no credentials required); any unauthenticated GET request to /registry/machine with a crafted `ip` parameter should be treated as a potential exploitation attempt.
- The vulnerability is version-specific; only Alibaba Sentinel 1.8.2 is confirmed affected. The CPE in the template incorrectly references `hashicorp:sentinel`; the actual affected product is `alibaba:sentinel`.
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH, `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
- NVD, CVSS v2.0: 5.0 MEDIUM, `AV:N/AC:L/Au:N/C:P/I:N/A:N`
No detection rules found.
Nuclei
CVE-2021-44139 [HIGH] Alibaba Sentinel - Server-side request forgery (SSRF)
nuclei · CVSS 7.5
There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.
Template:

```yaml
id: CVE-2021-44139

info:
  name: Alibaba Sentinel - Server-side request forgery (SSRF)
  author: DhiyaneshDK
  severity: high
  description: |
    There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to send crafted requests from the server, potentially leading to unauthorized access to internal resources
```