Closed ystarikovich closed 3 years ago
ryan-lane
commented
4 years ago For this we'd need to implement the SSRF mechanism in metadataproxy. It's a feature we want, but it's not on our roadmap right now.
If you're able to implement this, we'd definitely love to take a PR for it.
ryan-lane
commented
4 years ago Thanks for the report BTW! :)
dschaller
commented
3 years ago Thank you for you contribution to this repository.
Closing this contribution as this repository is being archived.
After upgrading underlying applications to new version of AWS SDK, call to the http://169.254.169.254/latest/api/token with PUT method is not working.
Which was introduced https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/