Exposure of sensitive information to an unauthorized actor (private IP address)

Description

A private RFC 1918 was identified in the target application. Public facing websites should not be issuing requests to private IP Addresses. Attackers attempting to execute subsequent attacks, such as Server-Side Request Forgery (SSRF), may be able to use this information to identify additional internal targets.

Remediation

Identify the resource that is incorrectly specifying an internal IP address and replace it with it’s public facing version, or remove the reference from the target application.

Details

ID Aggregated CWE Type Risk
200.1 true 200 Passive Low