Describe the bug
Server-Side Request Forgery attacks occur when attackers abuse application functionality that is normally used to access networked resources. This functionality often directly references these resources based on user input, and the server does not perform proper server-side input validation before accessing any referenced resources. This could allow attackers to force the server-side application to access networked resources, including potentially malicious external resources.
In the NGB application, arbitrary URLs can be supplied to the web service used to access file contents. However, the file contents were not observed to be returned, because specific file type structures were expected.
Due to being able to send request out to server, the severity of this finding is elevated to better align with Customer's internal severity ranking.
Describe the bug
Server-Side Request Forgery attacks occur when attackers abuse application functionality that is normally used to access networked resources. This functionality often directly references these resources based on user input, and the server does not perform proper server-side input validation before accessing any referenced resources. This could allow attackers to force the server-side application to access networked resources, including potentially malicious external resources.
In the NGB application, arbitrary URLs can be supplied to the web service used to access file contents. However, the file contents were not observed to be returned, because specific file type structures were expected.
Due to being able to send request out to server, the severity of this finding is elevated to better align with Customer's internal severity ranking.