CNNVD-202512-135 Information

CNNVD ID

CNNVD-202512-135

Related CVE

CVE-2025-13809

• CNNVD Published: 2025-12-01

Description (Chinese)

orion-ops是李佳航个人开发者的一个一站式自动化运维及自动化部署平台。 orion-ops存在安全漏洞，该漏洞源于文件MachineInfoController.java中参数host/sshPort/username/password/authType的错误操作，可能导致服务端请求伪造。

Description (English)

Orion-ops is a one-stop automated transport and automated deployment platform for Li Jia-avian personal developers. There is a security loophole in the orion-ops, which stems from the error of the argument host/sshPort/username/password/authType in the MachineInfoController.java document, which may lead to the forgery of service requests.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md https://github.com/Xzzz111/exps/blob/main/archives/orion-ops-ssrf-1/report.md#proof-of-concept https://vuldb.com/?ctiid.333819 https://vuldb.com/?id.333819 https://vuldb.com/?submit.692069