2 matches found
CVE-2026-33458
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
GHSA-FGQV-JH4G-PVG2 Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services cloud metadata, databases by redirecting through an attacker-controlled server. The same vulnerability class was already patched in...