appsec.fyi · Sources

tenable.com

5 curated AppSec resources from tenable.com across 3 topics on appsec.fyi.

tenable.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-11.

SSRF 3 Secrets 1 XXE 1
Date Added Resource Excerpt
2026-04-11 2026Google Cloud SIEM Service Account Token LeakSecretsWriteup of a Google Security Operations vulnerability (TRA-2025-52) allowing SIEM tenant service account token leakage. Manipulation of the API root parameter in custom integrations forced job execution through a code path that exposed the highly privileged cloud-platform scoped service account access token to an attacker-controlled server. This enabled privilege escalation and unauthorized actions within the Google Cloud project.
2026-04-10 2026GCP SSRF on Action Hub Extension - TenableSSRFWriteup detailing SSRF in GCP Action Hub's DataRobot action used by Looker. This vulnerability allows authenticated attackers to bypass IP allowlists and probe internal APIs by supplying malicious URLs that the Action Hub's server then requests. Google has since addressed the issue.
2026-04-06 2026CVE-2026-29924: XXE VulnerabilityXXECVE-2026-29924: XXE Vulnerability
2025-08-14 2025Critical SSRF vulnerability in Microsoft Copilot StudioSSRFWriteup detailing a critical Server-Side Request Forgery (SSRF) vulnerability in Microsoft Copilot Studio. This vulnerability allowed researchers to bypass SSRF protections by using HTTP 301 redirects, ultimately accessing the Instance Metadata Service (IMDS) and internal Cosmos DB instances. The bypass technique involved redirecting requests to an attacker-controlled server, which then redirected back to the restricted target, and a novel method of inserting newlines into header values to bypass IMDS header requirements.
2024-10-17 2024Exfiltrated, Signed, Delivered – What Can Go Wrong When an Amazon Elastic Compute Cloud (EC2) Instance is Exposed to SSRFSSRFTool embedded in CNAPPgoat demonstrates how Server-Side Request Forgery (SSRF) exposure on an Amazon EC2 instance can be weaponized with exfiltrated credentials to trigger AWS service calls, bypassing standard detection methods. This technique, leveraging tools like Stephen Bradshaw's `aws_url_signer`, allows attackers to generate signed URLs that appear legitimate to the instance, making it crucial for customers to secure deployed applications and prevent SSRF vulnerabilities as part of their shared responsibility.