
Information Disclosure: Private IP

Identifier: private_ip

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Internal network addresses, which should remain hidden, appear in responses that may be publicly visible. When private IPs or hostnames from internal systems such as EC2 show up outside their intended environment, attackers could use this information to learn about your network's structure and launch targeted attacks. Developers can inadvertently expose these details through misconfigurations or overly verbose error messages, which increases risk if the problem is not fixed promptly.
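To check your own responses for this kind of leak, the sketch below flags RFC 1918 IPv4 addresses and EC2 private DNS names in headers and body. It is an added example, not the scanner's detection logic; the function names, the scope (RFC 1918 and EC2 hostnames only) and the sample response are assumptions constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted-quad IPv4 literals; each one is validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")
# EC2 private DNS names: ip-a-b-c-d.ec2.internal or ip-a-b-c-d.<region>.compute.internal
EC2_HOST_RE = re.compile(
    r"\bip-\d{1,3}(?:-\d{1,3}){3}\.(?:ec2\.internal|[a-z0-9-]+\.compute\.internal)\b",
    re.IGNORECASE,
)
# Assumed scope: RFC 1918 ranges only (loopback and link-local are not reported).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_private_addresses(text):
    """Return sorted unique RFC 1918 IPs and EC2 internal hostnames found in text."""
    hits = set()
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # not a valid address, e.g. 999.1.1.1
        if any(addr in net for net in RFC1918):
            hits.add(str(addr))
    hits.update(h.lower() for h in EC2_HOST_RE.findall(text))
    return sorted(hits)


def scan_response(headers, body):
    """Map each location ('header:<name>' or 'body') to the leaks found there."""
    parts = {"header:" + name: value for name, value in headers.items()}
    parts["body"] = body
    found = {where: find_private_addresses(text) for where, text in parts.items()}
    return {where: leaks for where, leaks in found.items() if leaks}


# Constructed sample response (not real traffic): two leaking headers, a verbose
# error message in the body, and public or version-like values that must not match.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "X-Backend-Server": "ip-10-0-1-23.ec2.internal",
    "Via": "1.1 192.168.4.7:8080",
}
SAMPLE_BODY = '{"error": "connect ECONNREFUSED 172.20.3.15:5432", "version": "1.2.3.4", "docs": "https://8.8.8.8/"}'

if __name__ == "__main__":
    for where, leaks in scan_response(SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(where, leaks)
```

Validating each candidate with `ipaddress` rather than matching prefixes such as `172.` keeps version strings and public addresses out of the findings.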

Configuration

Example

Example configuration:

---
security_tests:
  private_ip:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.