
chc4 | 1 month ago

SSRF is not just a DoS.

CodesInChaos|1 month ago

To have a significant impact, SSRF needs to be combined with a second, worse vulnerability: an endpoint that trusts unauthenticated requests just because they come from within the local network. Sadly, several popular clouds have such a vulnerability out of the box (metadata endpoint).

staticassertion|1 month ago

Yeah, that's less of a "vulnerability" and more of how I expect 99% of companies to handle authentication within a network (sadly).
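
An added example (not written by any commenter in this thread): a destination check that a service fetching user-supplied URLs can run before connecting, so the request cannot reach the metadata endpoint or other local-network services the comments describe. The host names and DNS answers are constructed, and `check_destination`, `is_internal` and `allowed` are hypothetical names.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def resolve(host):
    """Default resolver: every address the name maps to (needs DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # ValueError on junk: caller fails closed
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address inside it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_destination(url, resolver=resolve):
    """Return the vetted IPs for url, or raise ValueError."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError("scheme or host not allowed")
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal in the URL
    except ValueError:
        addrs = set(resolver(host))                # name: check every record
    if not addrs:
        raise ValueError("host did not resolve")
    blocked = sorted(a for a in addrs if is_internal(a))
    if blocked:
        raise ValueError(f"resolves to internal address {blocked}")
    return addrs

# Constructed DNS answers so the example runs offline (hypothetical names).
FAKE_DNS = {
    "example.com": {"93.184.216.34"},
    "meta.attacker.test": {"169.254.169.254"},  # link-local metadata address
    "mixed.attacker.test": {"93.184.216.34", "10.0.0.5"},
    "mapped.attacker.test": {"::ffff:169.254.169.254"},
}

def allowed(url):
    """True if url passes the check against the constructed DNS table."""
    try:
        check_destination(url, resolver=lambda h: FAKE_DNS.get(h, set()))
        return True
    except ValueError:
        return False
```

Connect to one of the returned addresses rather than resolving the name again, and repeat the check on every redirect; otherwise a second DNS answer or a redirect can still point the request inward.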