Information Disclosure: Private IP

Identifier: private_ip

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This check flags internal network addresses, which should never leave the internal environment, that appear in responses that may be publicly visible. When private IP addresses or hostnames of internal systems such as EC2 instances are exposed outside their intended environment, an attacker can use them to map the network's structure and prepare targeted attacks. Developers usually expose these details inadvertently, through misconfigurations or overly verbose error messages, and the risk grows the longer the leak goes unfixed.
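The following is an added illustration, not the scanner's own code: it shows the kind of detection this check performs, scanning response headers and body for RFC 1918, loopback and link-local IPv4 literals and for EC2-style internal hostnames, over a constructed sample response. The address ranges, the hostname pattern and the sample values are assumptions made for the example.

```python
import ipaddress
import re

# Address ranges treated as internal for this check (assumption: RFC 1918,
# loopback and link-local, the last of which covers the cloud metadata address).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Dotted-quad candidates; each one is validated with ipaddress so that
# "999.1.1.1" or a version string such as "1.24.0" is not reported.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# EC2-style internal hostnames such as ip-10-0-12-34.ec2.internal or
# ip-10-0-12-34.us-east-1.compute.internal (pattern is an assumption).
EC2_HOST_RE = re.compile(
    r"\bip-\d{1,3}(?:-\d{1,3}){3}(?:\.[a-z0-9-]+)*\.(?:ec2|compute)\.internal\b"
)

def find_private_ips(text: str) -> list[str]:
    """Return the distinct internal IPv4 literals found in text, in order."""
    found: list[str] = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a real address, e.g. an octet above 255
        if any(ip in net for net in INTERNAL_NETS) and str(ip) not in found:
            found.append(str(ip))
    return found

def find_internal_hosts(text: str) -> list[str]:
    """Return the distinct EC2 internal hostnames found in text, in order."""
    return list(dict.fromkeys(m.group(0) for m in EC2_HOST_RE.finditer(text)))

def check_response(headers: dict[str, str], body: str) -> dict[str, list[str]]:
    """Scan headers and body together and report what leaked."""
    blob = "\n".join(f"{k}: {v}" for k, v in headers.items()) + "\n" + body
    return {"private_ips": find_private_ips(blob),
            "internal_hosts": find_internal_hosts(blob)}

# Constructed sample: a verbose error response leaking an upstream address.
SAMPLE_HEADERS = {"Server": "nginx/1.24.0",
                  "X-Backend-Server": "ip-10-0-12-34.ec2.internal"}
SAMPLE_BODY = ('{"error": "connect ECONNREFUSED 10.0.12.34:5432", '
               '"upstream": "http://172.16.4.7:8080/api", "client": "203.0.113.9"}')
```

Running check_response(SAMPLE_HEADERS, SAMPLE_BODY) reports the two internal addresses and the EC2 hostname while leaving the public client address and the nginx version string alone.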

Configuration

Example

Example configuration:

---
security_tests:
  private_ip:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]*

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.