Tencent Blueking CMDB versions 3.2.x to 3.9.x contain a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2024-22873. This vulnerability resides in the event subscription feature implemented in the /service/subscription.go component. SSRF vulnerabilities allow attackers to manipulate server-side requests to access internal or otherwise protected network resources that are not directly accessible from the outside. In this case, an attacker can craft a malicious POST request to the subscription endpoint, causing the server to perform unauthorized internal requests. The vulnerability does not require authentication but does require user interaction (UI:R), indicating some form of user-triggered action may be necessary. The CVSS v3.1 score is 8.1, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and high impacts on confidentiality and integrity (C:H/I:H) but no impact on availability (A:N). Exploiting this SSRF could allow attackers to access sensitive internal services, potentially leading to data leakage, unauthorized internal reconnaissance, or further exploitation within the internal network. Although no public exploit code or active exploitation has been reported, the vulnerability's characteristics warrant urgent attention. The CWE-918 classification confirms the SSRF nature of the flaw. No official patches are listed yet, so organizations must monitor vendor advisories and consider temporary mitigations.

The primary impact of CVE-2024-22873 is unauthorized access to internal network resources through SSRF, which can lead to significant confidentiality breaches by exposing sensitive internal data or services. Integrity may also be compromised if attackers leverage internal requests to manipulate or interfere with internal systems. While availability is not directly affected, the breach of confidentiality and integrity can have cascading effects on organizational security posture. For organizations relying on Tencent Blueking CMDB for IT asset and configuration management, this vulnerability could expose critical infrastructure details, enabling further targeted attacks. The ease of exploitation without authentication increases the risk profile, especially in environments where the CMDB is accessible externally or insufficiently segmented. This could affect cloud environments, enterprise IT management, and government or critical infrastructure sectors using Blueking CMDB. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the potential for future exploitation. Organizations worldwide using affected versions face risks of internal network reconnaissance, data exfiltration, and potential lateral movement by attackers.

1. Immediate mitigation involves restricting external access to the Tencent Blueking CMDB event subscription endpoint, ideally limiting it to trusted internal networks only. 2. Implement strict input validation and sanitization on the subscription POST request parameters to prevent malicious URL injection. 3. Employ network segmentation and firewall rules to limit the CMDB server's ability to initiate arbitrary internal requests, reducing SSRF impact. 4. Monitor logs for unusual POST requests to the subscription endpoint that could indicate exploitation attempts. 5. Apply the official patch from Tencent as soon as it becomes available; until then, consider disabling the event subscription feature if feasible. 6. Conduct internal security assessments and penetration testing focused on SSRF vectors within the CMDB environment. 7. Educate administrators and users about the risk of SSRF and the importance of cautious interaction with subscription features. 8. Use web application firewalls (WAFs) with SSRF detection capabilities to block suspicious requests targeting the vulnerable endpoint. These measures combined can significantly reduce the risk of exploitation until a permanent fix is deployed.