Full read SSRF via Lark Docs `import as docs` feature
Critical
Lark Technologies
Team Summary
Official summary from Lark Technologies
An SSRF (server-side request forgery) vulnerability was found in LarkDocs using the "import as docs" feature, which could have potentially been used to access services running on the internal network. We thank @sirleeroyjenkins for reporting this to our team and confirming the resolution.
Reported by
sirleeroyjenkins
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$5000.00
Submitted
Weakness
Server-Side Request Forgery (SSRF)