SSRF vulnerability found in Google Cloud
SSRF vulnerability found in Google Cloud: Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. It is a type of attack by the name SSRF, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials. A URL parsing bug left an internal Google Cloud project open to server-side request forgery (SSRF) attacks, security researcher David Schütz has found. Now fixed, the bug, which Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code. Schütz found the bug...