Blind SSRF on velodrome.canary.k8s.io
Low
Kubernetes
Team Summary
Official summary from Kubernetes
A blind server-side request forgery (SSRF) was found at the endpoint `http://velodrome.canary.k8s.io/api/snapshots` via a JSON parameter. An attacker can force the host to make a request to arbitrary URLs.
Reported by: rhynorater
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Server-Side Request Forgery (SSRF)