blob: 9795ad11b0b427fde5399adac99fec1c9aaf505a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Exposure of sensitive information to an unauthorized actor (private IP address)
## Description
A private RFC 1918 was identified in the target application. Public facing websites should not be issuing
requests to private IP Addresses. Attackers attempting to execute subsequent attacks, such as Server-Side
Request Forgery (SSRF), may be able to use this information to identify additional internal targets.
## Remediation
Identify the resource that is incorrectly specifying an internal IP address and replace it with it's public
facing version, or remove the reference from the target application.
## Details
| ID | Aggregated | CWE | Type | Risk |
|:---|:--------|:--------|:--------|:--------|
| 200.1 | true | 200 | Passive | Low |
## Links
- [CWE](https://cwe.mitre.org/data/definitions/200.html)
- [RFC](https://datatracker.ietf.org/doc/html/rfc1918)
|
