python · pycti · Critical
pycti: SSRF vulnerability in data ingestion via unvalidated URLs
What changed
OpenCTI's data ingestion accepts user-supplied URLs without validation and fetches them with Axios in its default configuration (allowAbsoluteUrls: true), enabling server-side request forgery (SSRF) against arbitrary endpoints, including internal services.
Who it affects
All users of OpenCTI who use the data ingestion feature, especially those in cloud environments where internal metadata services could be targeted.
What to do today
Update OpenCTI to the latest patched version and review any custom configurations to ensure URL validation is enforced.
Source
GitHub Advisory · pycti