debian-mirror-gitlab/doc/user/application_security/dast/checks/200.1.md

---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
# Exposure of sensitive information to an unauthorized actor (private IP address)
## Description
A private RFC 1918 or RFC 4193 address was identified in the target application. Public-facing websites should not be issuing
requests to private IP addresses. Attackers attempting to execute subsequent attacks, such as Server-Side
Request Forgery (SSRF), may be able to use this information to identify additional internal targets.
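The following Python sketch shows the kind of passive inspection this check performs: candidate IPv4 and IPv6 literals are pulled out of a response body and kept only when they fall inside the RFC 1918 ranges or the RFC 4193 unique local range. It is an added example, not GitLab's DAST documentation or the scanner's own code; the sample response body is constructed, and the regular expressions and function names (`classify_private`, `find_private_addresses`) are assumptions of this example.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample response body for illustration only; it is not taken
# from any real target or from the DAST documentation.
SAMPLE_BODY = """<html>
<script src="http://10.0.0.12:8080/static/app.js"></script>
<img src="http://172.31.4.200/logo.png">
<a href="http://192.168.1.10/admin">admin</a>
<a href="http://203.0.113.7/">public</a>
<!-- internal api: http://[fd12:3456:789a::1]/v1 -->
<!-- docs: http://[2001:db8::1]/ -->
<p>Build 2022.04.04 at 11:22:00, version 1.1.0</p>
</html>
"""

# RFC 1918 private IPv4 ranges and the RFC 4193 unique local IPv6 range.
RFC1918_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
RFC4193_NET = ipaddress.ip_network("fc00::/7")

# Loose candidate patterns; ipaddress does the real validation, so version
# strings like "1.1.0" and timestamps like "11:22:00" are rejected later.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
IPV6_CANDIDATE = re.compile(
    r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![0-9A-Fa-f:])"
)


def classify_private(token: str) -> Optional[str]:
    """Return the RFC that makes this literal a private address, or None.

    Returns None for anything that does not parse as an IP address, for
    public addresses, and for other special ranges (link-local, loopback).
    """
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv4Address):
        if any(addr in net for net in RFC1918_NETS):
            return "RFC 1918"
        return None
    if addr in RFC4193_NET:
        return "RFC 4193"
    return None


def find_private_addresses(body: str) -> List[Tuple[str, str]]:
    """Passively scan a response body; return (address, rfc) pairs in order of
    first appearance, deduplicated."""
    findings: List[Tuple[str, str]] = []
    seen = set()
    for pattern in (IPV4_CANDIDATE, IPV6_CANDIDATE):
        for match in pattern.finditer(body):
            token = match.group(0)
            rfc = classify_private(token)
            if rfc is not None and token not in seen:
                seen.add(token)
                findings.append((token, rfc))
    return findings


if __name__ == "__main__":
    for address, rfc in find_private_addresses(SAMPLE_BODY):
        print(f"200.1: private {rfc} address exposed in response: {address}")
```

On the sample body this reports the three RFC 1918 addresses and the one RFC 4193 address, and ignores the public `203.0.113.7`, the documentation-range `2001:db8::1`, and the version and time strings. Because the check is passive, it inspects only what the application already returned; it never sends requests to the addresses it finds.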
## Remediation
Identify the resource that is incorrectly specifying an internal IP address and replace it with its public-facing
version, or remove the reference from the target application.
## Details
| ID | Aggregated | CWE | Type | Risk |
|:---|:--------|:--------|:--------|:--------|
| 200.1 | true | 200 | Passive | Low |
## Links
- [CWE](https://cwe.mitre.org/data/definitions/200.html)
- [RFC 1918](https://datatracker.ietf.org/doc/html/rfc1918)
- [RFC 4193](https://datatracker.ietf.org/doc/html/rfc4193)