Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The application makes HTTP requests using user-supplied input without validating or restricting the URLs. This allows attackers to trick the server into sending requests to unintended or sensitive locations.
Impact
If exploited, attackers could access internal services, sensitive files, or cloud metadata endpoints from within your network. This could lead to data exposure, bypass of security controls, or leveraging your server for further attacks.
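The pattern from the Description next to a hardened form, as an added example that is not part of the original rule page or any project's code. The class name `SafeFetcher`, its method names and the `example.com` hosts are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class SafeFetcher
{
    // Assumption: the only hosts this application may call (constructed sample values).
    private static readonly HashSet<string> AllowedHosts =
        new(StringComparer.OrdinalIgnoreCase) { "api.example.com", "images.example.com" };

    // Redirects are disabled so an allowed host cannot bounce the request elsewhere.
    private static readonly HttpClient Client =
        new(new HttpClientHandler { AllowAutoRedirect = false });

    // Vulnerable pattern: caller-controlled URL passed straight to HttpClient.
    public static Task<string> FetchUnsafe(string userUrl) => Client.GetStringAsync(userUrl);

    // Hardened form: the URL is validated before any request is sent.
    public static async Task<string> FetchSafe(string userUrl)
    {
        if (!IsAllowed(userUrl, out var uri))
            throw new ArgumentException("URL rejected by outbound request policy.");
        return await Client.GetStringAsync(uri);
    }

    public static bool IsAllowed(string userUrl, out Uri uri)
    {
        if (!Uri.TryCreate(userUrl, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;      // rejects file://, http://, etc.
        if (!AllowedHosts.Contains(uri.IdnHost)) return false;   // exact host match only
        // Defence in depth: refuse if an allowed name resolves to an internal address.
        return Dns.GetHostAddresses(uri.IdnHost).All(ip => !IsInternal(ip));
    }

    private static bool IsInternal(IPAddress ip)
    {
        if (ip.IsIPv4MappedToIPv6) ip = ip.MapToIPv4();
        if (IPAddress.IsLoopback(ip)) return true;
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)    // link-local, site-local, fc00::/7
            return ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal || (ip.GetAddressBytes()[0] & 0xFE) == 0xFC;
        var b = ip.GetAddressBytes();
        return b[0] == 10 || b[0] == 0 || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168) || (b[0] == 169 && b[1] == 254); // 169.254.0.0/16: cloud metadata range
    }
}
```

The DNS check and the later connection are separate lookups, so the host allowlist is the primary control; restricting egress at the network layer covers the case where a name's resolution changes between the two.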