GHSA-MVVV-V22X-XQWP

Vulnerability from github – Published: 2026-04-15 19:43 – Updated: 2026-04-15 19:43
Summary
NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins
Details

Summary

NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost.

Vulnerable Code

1. Workflow HTTP Request Plugin

packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts lines 117-128:

return axios.request({
  url: trim(url),  // User-controlled, no validation
  method,
  headers,
  params,
  timeout,
  ...(method.toLowerCase() !== 'get' && data != null
    ? { data: transformer ? await transformer(data) : data }
    : {}),
});

The url at line 98 comes directly from user workflow configuration with only whitespace trimming.

2. Custom Request Action Plugin

packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts lines 172-198:

const axiosRequestConfig = {
  baseURL: ctx.origin,
  ...options,
  url: getParsedValue(url, variables),  // User-controlled via template
  headers: { ... },
  params: getParsedValue(arrayToObject(params), variables),
  data: getParsedValue(toJSON(data), variables),
};
const res = await axios(axiosRequestConfig);  // No IP validation

Missing Protections

  • No request-filtering-agent or SSRF library (confirmed via grep across entire codebase)
  • No private IP range filtering
  • No cloud metadata endpoint blocking
  • No URL scheme validation
  • No DNS rebinding protection
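The list above is, in effect, the checklist a fix has to cover. The block below is an added example of what such a guard looks like in the project's own language; it is not NocoBase's code, and `validateOutboundUrl`, `isBlockedAddress`, the injected `resolve` callback and the demo hostnames/addresses (RFC 5737 TEST-NET ranges) are constructed for this example. It allow-lists the scheme, parses with the WHATWG `URL` class so obfuscated IPv4 forms (`2130706433`, `0x7f000001`, `127.1`) are normalised before the check, blocks loopback, RFC 1918, CGNAT, link-local (which is where `169.254.169.254` lives), multicast, IPv6 ULA/link-local, IPv4-mapped and NAT64 literals, and for hostnames resolves once, rejects if any record is internal, and returns a pinned address so the caller connects to what was validated rather than re-resolving (the DNS-rebinding case).

```typescript
// Added example (not NocoBase code): outbound URL policy for server-side requests
// made on a user's behalf. `resolve` is injected so the example runs offline; in
// production wire it to dns.promises.lookup(host, { all: true }).
import { isIPv4, isIPv6 } from "node:net";

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// [network, prefix bits]: "this network", RFC 1918, CGNAT, loopback,
// link-local (covers 169.254.169.254 cloud metadata), multicast + reserved.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
];

function v4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, oct) => ((acc << 8) + Number(oct)) >>> 0, 0);
}

function v4IntBlocked(n: number): boolean {
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// Expand an IPv6 literal to eight 16-bit groups; a dotted IPv4 tail becomes two groups.
function expandV6(ip: string): number[] {
  let s = ip;
  const tail = /(\d+\.\d+\.\d+\.\d+)$/.exec(s);
  if (tail) {
    const n = v4ToInt(tail[1]);
    s = s.slice(0, -tail[1].length) + (n >>> 16).toString(16) + ":" + (n & 0xffff).toString(16);
  }
  const parts: string[] = s.split("::");
  const head = parts[0];
  const rest: string | undefined = parts[1];
  const h = head ? head.split(":") : [];
  const t = rest ? rest.split(":") : [];
  const fill = rest === undefined ? 0 : 8 - h.length - t.length;
  return [...h, ...new Array<string>(fill).fill("0"), ...t].map((g) => parseInt(g, 16));
}

function v6Blocked(groups: number[]): boolean {
  const [g0, g1, g2, g3, g4, g5, g6, g7] = groups;
  const zeroTo5 = g0 === 0 && g1 === 0 && g2 === 0 && g3 === 0 && g4 === 0 && g5 === 0;
  const mapped = g0 === 0 && g1 === 0 && g2 === 0 && g3 === 0 && g4 === 0 && g5 === 0xffff;
  const nat64 = g0 === 0x64 && g1 === 0xff9b && g2 === 0 && g3 === 0 && g4 === 0 && g5 === 0;
  if (mapped || nat64) return v4IntBlocked(((g6 << 16) | g7) >>> 0); // embedded IPv4
  if (zeroTo5 && g6 === 0 && (g7 === 0 || g7 === 1)) return true;   // :: and ::1
  if ((g0 & 0xfe00) === 0xfc00) return true;                          // fc00::/7 ULA
  if ((g0 & 0xffc0) === 0xfe80) return true;                          // fe80::/10 link-local
  if ((g0 & 0xff00) === 0xff00) return true;                          // ff00::/8 multicast
  return false;
}

function isBlockedAddress(ip: string): boolean {
  if (isIPv4(ip)) return v4IntBlocked(v4ToInt(ip));
  if (isIPv6(ip)) return v6Blocked(expandV6(ip));
  return true; // not a parseable literal: refuse rather than guess
}

type Resolver = (hostname: string) => string[];
type Verdict = { ok: true; url: URL; pinnedAddress: string } | { ok: false; reason: string };

function validateOutboundUrl(raw: string, resolve: Resolver): Verdict {
  let url: URL;
  try {
    url = new URL(raw.trim()); // WHATWG parsing folds 0x7f000001 / 2130706433 / 127.1 into 127.0.0.1
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "") return { ok: false, reason: "empty host" };

  // Literal IP: check it directly, nothing to resolve.
  if (isIPv4(host) || isIPv6(host)) {
    return isBlockedAddress(host)
      ? { ok: false, reason: `address ${host} is internal` }
      : { ok: true, url, pinnedAddress: host };
  }
  // Hostname: resolve once, refuse if ANY record is internal (multi-A / split-horizon
  // tricks), and pin the first address so the connection cannot be re-resolved.
  const addrs = resolve(host);
  if (addrs.length === 0) return { ok: false, reason: `${host} did not resolve` };
  const bad = addrs.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `${host} resolves to internal address ${bad}` };
  return { ok: true, url, pinnedAddress: addrs[0] };
}

// Constructed resolver for the offline demo (hostnames and addresses are made up).
const demoTable: Record<string, string[]> = {
  localhost: ["127.0.0.1"],
  "api.example.com": ["203.0.113.10"],
  "evil.example.net": ["203.0.113.20", "169.254.169.254"], // one benign, one internal record
};
const demoResolve: Resolver = (h) => demoTable[h] ?? [];

const samples = [
  "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
  "http://127.0.0.1:5432",
  "http://10.0.0.1:8080/admin",
  "http://2130706433/",          // decimal form of 127.0.0.1
  "http://[::ffff:127.0.0.1]/",  // IPv4-mapped IPv6
  "file:///etc/passwd",
  "http://evil.example.net/",
  "https://api.example.com/v1",  // the only one that should pass
];
for (const s of samples) console.log(s, "->", JSON.stringify(validateOutboundUrl(s, demoResolve)));
```

Two caveats when wiring this in front of `axios`: connect to `pinnedAddress` rather than letting the HTTP client resolve the hostname again (Node's `http.Agent`/`https.Agent` accept a `lookup` option that can return the pinned address while `Host` and SNI keep the original hostname, and axios takes such agents via `httpAgent`/`httpsAgent`), and remember that axios follows redirects by default, so a validated external URL can still 3xx to an internal one; either set `maxRedirects: 0` or re-run the same validation on every hop.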

Attack Scenario

  1. Authenticated user creates a workflow with HTTP Request node
  2. Sets URL to http://169.254.169.254/latest/meta-data/iam/security-credentials/
  3. Triggers the workflow
  4. Server fetches AWS metadata and returns IAM credentials in workflow execution logs

Alternatively via Custom Request action:

  1. Create custom request with URL http://127.0.0.1:5432 or http://10.0.0.1:8080/admin
  2. Execute the action
  3. Server makes request to internal service

Impact

  • Cloud metadata theft: AWS/GCP/Azure credentials via metadata endpoints
  • Internal network access: Scan and interact with services on private IP ranges
  • Database access: Connect to localhost databases (PostgreSQL, Redis, etc.)
  • Authentication required: Yes (authenticated user), but any workspace member can create workflows

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@nocobase/plugin-workflow-request"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-15T19:43:50Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nNocoBase\u0027s workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost.\n\n## Vulnerable Code\n\n### 1. Workflow HTTP Request Plugin\n\n**`packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts` lines 117-128:**\n```typescript\nreturn axios.request({\n  url: trim(url),  // User-controlled, no validation\n  method,\n  headers,\n  params,\n  timeout,\n  ...(method.toLowerCase() !== \u0027get\u0027 \u0026\u0026 data != null\n    ? { data: transformer ? await transformer(data) : data }\n    : {}),\n});\n```\n\nThe `url` at line 98 comes directly from user workflow configuration with only whitespace trimming.\n\n### 2. Custom Request Action Plugin\n\n**`packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts` lines 172-198:**\n```typescript\nconst axiosRequestConfig = {\n  baseURL: ctx.origin,\n  ...options,\n  url: getParsedValue(url, variables),  // User-controlled via template\n  headers: { ... },\n  params: getParsedValue(arrayToObject(params), variables),\n  data: getParsedValue(toJSON(data), variables),\n};\nconst res = await axios(axiosRequestConfig);  // No IP validation\n```\n\n## Missing Protections\n\n- No `request-filtering-agent` or SSRF library (confirmed via grep across entire codebase)\n- No private IP range filtering\n- No cloud metadata endpoint blocking\n- No URL scheme validation\n- No DNS rebinding protection\n\n## Attack Scenario\n\n1. Authenticated user creates a workflow with HTTP Request node\n2. Sets URL to `http://169.254.169.254/latest/meta-data/iam/security-credentials/`\n3. Triggers the workflow\n4. Server fetches AWS metadata and returns IAM credentials in workflow execution logs\n\nAlternatively via Custom Request action:\n1. Create custom request with URL `http://127.0.0.1:5432` or `http://10.0.0.1:8080/admin`\n2. Execute the action\n3. Server makes request to internal service\n\n## Impact\n\n- **Cloud metadata theft**: AWS/GCP/Azure credentials via metadata endpoints\n- **Internal network access**: Scan and interact with services on private IP ranges\n- **Database access**: Connect to localhost databases (PostgreSQL, Redis, etc.)\n- **Authentication required**: Yes (authenticated user), but any workspace member can create workflows",
  "id": "GHSA-mvvv-v22x-xqwp",
  "modified": "2026-04-15T19:43:50Z",
  "published": "2026-04-15T19:43:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-mvvv-v22x-xqwp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nocobase/nocobase"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "NocoBase has SSRF in Workflow HTTP Request and Custom Request Plugins"
}

