CVE-2021-44139
published 2022-03-23

CVE-2021-44139: Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).

Priority: P3 (55) · CVSS 3.1: 7.5 High
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Exploit likelihood (EPSS): 6.49% (92.9th percentile)

Affected (1 range)

Vendor      Product     Version range   Fixed in
hashicorp   sentinel    1.8.2           (not listed)

Note: the vendor in this CPE is mis-attributed. CVE-2021-44139 concerns the Alibaba Sentinel dashboard (alibaba:sentinel), not HashiCorp Sentinel; the version 1.8.2 is taken from the advisory description.

Detection & IOCs (extracted from sources)

URL:  /registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0
Path: /registry/machine
  • SSRF trigger: HTTP GET to /registry/machine with the `ip` parameter set to an attacker-controlled out-of-band (OOB/interactsh) URL; confirm exploitation by observing a DNS interaction back to the callback host.
  • Confirm successful SSRF exploitation by matching both `"success":true` and `"msg":"success"` in the JSON response body, alongside `application/json` in the response header.
  • Hunt for exposed Sentinel Dashboard instances using Shodan query `title:"Sentinel Dashboard"` or FOFA query `title="sentinel dashboard"` as initial reconnaissance targets.
  • The vulnerability is pre-authentication (no credentials required). Legitimate Sentinel clients register with the dashboard through this same unauthenticated endpoint, so the path alone is not an indicator; treat an unauthenticated GET to /registry/machine as a potential exploitation attempt when its `ip` parameter is not a plain address belonging to one of your own Sentinel clients (a hostname, a URL, or an address outside your client ranges).
  • Vulnerability is version-specific; only Alibaba Sentinel 1.8.2 is confirmed affected. The CPE in the template incorrectly references `hashicorp:sentinel`; the actual affected product is `alibaba:sentinel`.
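The following is an added detection example, not code from this page, from the Nuclei template, or from the Sentinel project. It applies the indicators above to web-server access logs in combined log format: it isolates GET requests to /registry/machine, extracts the `ip` query parameter, and flags only values that a real Sentinel client would not send (a hostname such as an interactsh callback, a URL, or an address outside the deployment's own client ranges). The log lines and the internal address ranges are constructed assumptions for the demonstration; adjust `INTERNAL_NETS` to the subnets your Sentinel clients actually register from.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
# Line 1: a normal Sentinel client heartbeat from an internal address.
# Line 2: the OOB probe shape from the template (ip= points at a callback host).
# Line 3: a registration pointing the dashboard at an external address.
# Line 4: unrelated traffic that must be ignored.
SAMPLE_LOG = """\
10.0.0.5 - - [23/Mar/2022:10:00:01 +0000] "GET /registry/machine?app=order-svc&appType=0&version=1.8.2&hostname=order-1&ip=10.0.0.5&port=8719 HTTP/1.1" 200 34 "-" "Java/11"
203.0.113.7 - - [23/Mar/2022:10:00:09 +0000] "GET /registry/machine?app=abcde&appType=0&version=0&hostname=abcde&ip=c7f3x.oast.fun&port=0 HTTP/1.1" 200 34 "-" "Mozilla/5.0"
198.51.100.2 - - [23/Mar/2022:10:00:15 +0000] "GET /registry/machine?app=x&appType=0&version=0&hostname=x&ip=198.51.100.2&port=80 HTTP/1.1" 200 34 "-" "curl/7.68.0"
10.0.0.9 - - [23/Mar/2022:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: source, ident, user, [timestamp], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumption: the deployment's Sentinel clients live in these RFC 1918 ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

REGISTRY_PATH = "/registry/machine"


def classify_ip_param(value):
    """Return None for a value a real client would send, else a reason string.

    The dashboard later connects to whatever is registered here, so anything
    that is not a plain address inside the allowlisted ranges is suspicious.
    """
    v = value.strip()
    if not v:
        return "empty_ip_param"
    if "://" in v or "/" in v:
        return "url_in_ip_param"
    try:
        addr = ipaddress.ip_address(v)
    except ValueError:
        # Not an IP literal at all: e.g. an interactsh/OOB hostname.
        return "hostname_in_ip_param"
    if any(addr in net for net in INTERNAL_NETS):
        return None
    return "ip_outside_allowlist"


def scan_log(text):
    """Return (source, timestamp, ip_value, reason) for each suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        parts = urlsplit(m.group("target"))
        if parts.path.rstrip("/") != REGISTRY_PATH:
            continue
        # parse_qs percent-decodes values; keep_blank_values surfaces "ip=".
        qs = parse_qs(parts.query, keep_blank_values=True)
        ip_values = qs.get("ip")
        if not ip_values:
            findings.append((m.group("src"), m.group("ts"), "", "missing_ip_param"))
            continue
        for val in ip_values:
            reason = classify_ip_param(val)
            if reason:
                findings.append((m.group("src"), m.group("ts"), val, reason))
    return findings


if __name__ == "__main__":
    for src, ts, val, reason in scan_log(SAMPLE_LOG):
        print(f"{ts}  {src}  ip={val!r}  {reason}")
```

The `reason` field is what to alert on: `hostname_in_ip_param` and `url_in_ip_param` match the OOB probe shape from the template, while `ip_outside_allowlist` catches attempts to point the dashboard at an arbitrary external host. Because the same endpoint carries legitimate heartbeats, a rule that fires on every GET to /registry/machine would be pure noise; the allowlist is what makes this usable.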

CVSS provenance

NVD v3.1: 7.5 HIGH    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD v2.0: 5.0 MEDIUM  AV:N/AC:L/Au:N/C:P/I:N/A:N