Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Server-Side Request Forgery (Cloud Metadata) - Vulnerability Database

Server-Side Request Forgery (Cloud Metadata)

Description

Server-Side Request Forgery (SSRF) vulnerability allows an attacker to perform local and/or remote network requests while impersonating the target server. Using this vulnerability, Invicti was able to access the target's cloud metadata

Remediation

Properly sanitize user input.

References

What is Server Side Request Forgery (SSRF)?
SSRF VS. BUSINESS-CRITICAL APPLICATIONS

Related Vulnerabilities

Edge Side Include injection High
Common tags: SSRF
WordPress Server-Side Request Forgery (3.7 - 6.1.1) High
Common tags: SSRF
WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Server-Side Request Forgery (1.6.5) High
Common tags: SSRF
WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8) High
Common tags: SSRF
WordPress Plugin Google Forms Server-Side Request Forgery (0.91) High
Common tags: SSRF

Severity

Critical

Classification

CWE-918
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SSRF