Tag
critical
advisory
Nezha Monitoring Cross-Tenant RCE via Cron Task Injection
3 rules 3 TTPs
A RoleMember in the Nezha monitoring dashboard can achieve cross-tenant remote code execution by injecting arbitrary commands into cron tasks. The cause is insufficient authorization checks, and the impact extends to all monitored hosts in the deployment.
nezha
rce
privilege-escalation
cron
authorization
medium
advisory
Nezha Monitoring RoleMember SSRF with Full Response Body Reflection
2 rules 3 TTPs
Nezha Monitoring is affected by a server-side request forgery (SSRF) vulnerability: a low-privilege RoleMember user can call notification routes and send HTTP requests to a user-controlled URL, with the entire response body reflected back to the caller, potentially exposing intranet resources and causing denial of service.
Nezha Monitoring
ssrf
nezha
vulnerability