Glassfish SSRF vulnerability in /download/log endpoint
## Basic information
**Project name:** Glassfish
**Project id:** ee4j.glassfish
## What are the affected versions?
[6.2.5 - ?]
## Details of the issue
I discovered an SSRF vulnerability in the Glassfish 6.2.5 product. Its details:
**Vulnerable path:** https://[targetexample]:4848/download/log/?contentSourceId=LogViewer&start=56783&instanceName=server&restUrl=https%3A%2F%2Flocalhost%3A4848%2Fmanagement%2Fdomain
**Vulnerable parameter:** restUrl
**OS:** Ubuntu 22.04
**Payload:** https%3A%2F%2Flocalhost%3A4848
The server fetches the URL supplied in the restUrl parameter, which is what causes the SSRF. An attacker can use this to obtain sensitive information about services reachable from the server (for example, by port scanning through it), or to direct the server's requests at other resources within the internal network. The steps are shown in order in the screenshots below.
[Screenshot: issue]
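A detection check for this endpoint, added here as an example that is not part of the report or of Glassfish itself: it parses constructed access-log lines, decodes the restUrl value of /download/log requests, and flags any that point somewhere other than the DAS management base (the expected base URL and the log lines are assumptions).

```python
"""Flag /download/log requests whose restUrl is steered away from the DAS.
Added example, not Glassfish code. The expected base URL is an assumption;
the report's own demonstration uses the DAS address, so the real fix is for
the server to ignore the client-supplied URL entirely. This check catches
requests aimed at any other host, scheme, port or path."""
from urllib.parse import urlsplit, parse_qs

# Assumption: the only legitimate target for restUrl is the DAS management API.
EXPECTED_REST_BASE = "https://localhost:4848/management/domain"

# Constructed sample access-log lines (Common Log Format style), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /download/log/?contentSourceId=LogViewer&start=0&instanceName=server&restUrl=https%3A%2F%2Flocalhost%3A4848%2Fmanagement%2Fdomain HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /download/log/?contentSourceId=LogViewer&start=0&instanceName=server&restUrl=http%3A%2F%2F10.0.0.20%3A8080%2F HTTP/1.1" 200 88
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def extract_rest_url(log_line):
    """Return the percent-decoded restUrl of a /download/log request, else None."""
    try:
        request = log_line.split('"')[1]        # 'GET /path?query HTTP/1.1'
        path = request.split(" ")[1]
    except IndexError:
        return None
    parts = urlsplit(path)
    if not parts.path.startswith("/download/log"):
        return None
    values = parse_qs(parts.query).get("restUrl")   # parse_qs decodes %XX
    return values[0] if values else None


def is_allowed(rest_url, expected_base=EXPECTED_REST_BASE):
    """True only if scheme, host:port and path prefix all match the expected base."""
    got, want = urlsplit(rest_url), urlsplit(expected_base)
    return (got.scheme == want.scheme and got.netloc == want.netloc
            and got.path.startswith(want.path))


def find_ssrf_attempts(log_text):
    """Return (client_ip, rest_url) for every request whose restUrl points elsewhere."""
    hits = []
    for line in log_text.splitlines():
        rest_url = extract_rest_url(line)
        if rest_url is not None and not is_allowed(rest_url):
            hits.append((line.split(" ")[0], rest_url))
    return hits


if __name__ == "__main__":
    for ip, url in find_ssrf_attempts(SAMPLE_LOG):
        print(f"suspicious restUrl from {ip}: {url}")
```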