SSRF vulnerability found in Google Cloud
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
It is a type of attack by the name SSRF, the attacker might cause the server to make a connection to internal-only services within the organization's infrastructure. In other cases, they may be able to force the server to connect to arbitrary external systems, potentially leaking sensitive data such as authorization credentials.
A URL parsing bug left an internal Google Cloud project open to server-side request forgery (SSRF) attacks, security researcher David Schütz has found. Now fixed, the bug, which Schütz has documented in a comprehensive video and blog post, could have allowed an attacker to access sensitive resources and possibly run malicious code.
Schütz found the bug while doing research on Discovery Documents, data structures that provide specifications for Google API services. While exploring the Discovery Documents, Schütz stumbled on an interesting service called Jobs API, whose name suggested it was an internal service.
A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.
An SSRF exploit that causes connections to external third-party systems might result in malicious onward attacks that appear to originate from the organization hosting the vulnerable application.
SSRF attacks often exploit trust relationships to escalate an attack from the vulnerable application and perform unauthorized actions. These trust relationships might exist in relation to the server itself, or in relation to other back-end systems within the same organization.
The request exposed the proxy app’s access token, which he could then use to send requests to other internal Google Cloud projects. In this particular bug, the core issue was a URL parsing bug, which lead to the SSRF,” Schütz told The Daily Swig.
Last year, Schütz had found a similar bug in a Google JavaScript library that was used in many Google services.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.