Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The application accepts a URL or similar input and uses it to make server-side HTTP requests without properly validating or restricting the destination. This can let attackers supply malicious URLs that the server will fetch on their behalf.
Impact
If exploited, attackers could access internal systems, sensitive data, or cloud metadata that should not be exposed outside the network. This can result in data leaks or unauthorized network access, or even allow attackers to pivot deeper into your infrastructure.
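The pattern described above next to a hardened form, as an added example that is not part of the original rule page. The class and method names are hypothetical, and `images.example.com` is a placeholder allowlist entry.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class SafeFetcher
{
    // Assumed allowlist: replace with the hosts the feature really needs.
    private static readonly HashSet<string> AllowedHosts =
        new(StringComparer.OrdinalIgnoreCase) { "images.example.com" };

    // Redirects are disabled so a permitted host cannot bounce the request inward.
    private static readonly HttpClient Client =
        new(new HttpClientHandler { AllowAutoRedirect = false });

    // Vulnerable pattern: the caller-controlled URL is fetched as-is.
    public static Task<string> FetchUnsafe(string url) => Client.GetStringAsync(url);

    // True for loopback, private, link-local and unspecified addresses.
    public static bool IsInternal(IPAddress ip)
    {
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (IPAddress.IsLoopback(ip)) return true;
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
            return ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal || ip.Equals(IPAddress.IPv6Any)
                || (ip.GetAddressBytes()[0] & 0xFE) == 0xFC;       // fc00::/7 unique local
        byte[] b = ip.GetAddressBytes();
        return b[0] == 0 || b[0] == 10                             // 0.0.0.0/8, 10.0.0.0/8
            || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)           // 172.16.0.0/12
            || (b[0] == 192 && b[1] == 168)                        // 192.168.0.0/16
            || (b[0] == 169 && b[1] == 254);                       // link-local, cloud metadata
    }

    // Hardened form: scheme check, host allowlist, then a resolved-address check.
    public static async Task<string> FetchSafe(string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Only absolute https URLs are accepted.");
        if (!AllowedHosts.Contains(uri.Host))
            throw new ArgumentException("Host is not on the allowlist.");
        IPAddress[] addrs = await Dns.GetHostAddressesAsync(uri.Host);
        if (addrs.Length == 0 || addrs.Any(IsInternal))
            throw new ArgumentException("Host resolves to an internal address.");
        return await Client.GetStringAsync(uri);
    }
}
```

The address check and the later connection resolve the name separately, so keep network-level egress restrictions in place as well.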