
CRITICAL: SSRF to Cloud Metadata Exfiltration & Internal Network Takeover (CVSS 9.1)#401

Open
emmanuelkings949-pixel wants to merge 1 commit into AIxBlock-2023:main from emmanuelkings949-pixel:main

Conversation


@emmanuelkings949-pixel emmanuelkings949-pixel commented Dec 25, 2025

💥 High-Stakes Impact (CVSS 9.1)
This is a Full-Read SSRF. An attacker can bypass the intended AI proxy to:

Exfiltrate Cloud Credentials: Accessing http://169.254.169.254/latest/meta-data/iam/security-credentials/ to steal AWS/GCP service tokens.

Internal Network Takeover: Scan and interact with internal databases, Redis instances, or K8s management APIs that are not exposed to the internet.

Bypass Firewalls: Use the server as a "pivot point" to launch attacks deeper into the AIxBlock infrastructure.

Successful exploitation allows for the complete compromise of the AIxBlock cloud environment, equivalent in impact to remote code execution (RCE) at the infrastructure level.

🔍 Technical Proof of Vulnerability (CodeQL Analysis)

The following screenshots confirm the data flow from the untrusted user parameter to the dangerous internal request:

The Entry Point: The request.params['*'] parameter is taken directly from the URL without validation.

The Execution Point: This unvalidated data is used to construct the url variable and passed into the fetch() function.

Signed-off-by: emmanuelkings949-pixel <emmanuelkings949@gmail.com>
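As an added example (not the project's own ai-provider-proxy.ts), this shows the fix pattern for the data flow described above: the wildcard route parameter is resolved only against an allowlist of upstream providers, and anything that could change the scheme, host or base path is refused. The provider map, function name and base URLs are assumptions.

```typescript
// Added example, not the project's ai-provider-proxy.ts. It shows the fix pattern
// for the data flow the PR describes: a wildcard route parameter flowing into fetch().
// Provider names and base URLs are constructed placeholders (assumption).
const PROVIDER_BASES: Record<string, string> = {
  openai: "https://api.openai.com/v1/",
  anthropic: "https://api.anthropic.com/v1/",
};

// Vulnerable shape (as described in the report): the wildcard segment becomes the URL.
//   const url = request.params["*"];   // caller controls scheme, host and path
//   await fetch(url);
//
// Hardened shape: the wildcard is parsed as "<provider>/<path>" and resolved
// only against an allowlisted base URL; anything else is refused (null).
// The handler should answer 400 on null and never fall back to the raw value.
function resolveProxyTarget(wildcard: string): string | null {
  const m = /^([a-z0-9-]+)\/(.*)$/.exec(wildcard);
  if (!m) return null;                       // no "<provider>/..." prefix
  const base: string | undefined = PROVIDER_BASES[m[1]];
  if (!base) return null;                    // provider not on the allowlist
  const rest = m[2];
  // Refuse anything that could change the authority or escape the base path:
  // a scheme ("http:"), a leading slash ("/x" or "//host"), a backslash
  // (treated as "/" by the URL parser), "@", and plain or encoded traversal.
  if (/^[a-z][a-z0-9+.-]*:/i.test(rest)) return null;
  if (rest.startsWith("/") || /[\\@]/.test(rest)) return null;
  if (rest.includes("..") || /%2e|%2f/i.test(rest)) return null;
  let target: URL;
  try {
    target = new URL(rest, base);
  } catch {
    return null;
  }
  // Defence in depth: after resolution the URL must still sit on the
  // allowlisted origin and under its base path.
  const baseUrl = new URL(base);
  if (target.origin !== baseUrl.origin) return null;
  if (!target.pathname.startsWith(baseUrl.pathname)) return null;
  return target.toString();
}
```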
emmanuelkings949-pixel (Author) commented:

Hi @AIxBlock Team, I'm checking in on this Critical SSRF (9.1) fix. It has been over a week since submission, and I wanted to make sure the validation is proceeding okay, or find out if you need any further info from me! Thanks.

emmanuelkings949-pixel (Author) commented:

Official report logged in Discussions here: #409

emmanuelkings949-pixel changed the title from "CRITICAL: SSRF Vulnerability Fix in ai-provider-proxy.ts" to "CRITICAL: SSRF to Cloud Metadata Exfiltration & Internal Network Takeover (CVSS 9.1)" on Jan 12, 2026