I have set up SQ (version 7.9.6) on a Kubernetes platform. I am able to access SQ, and SQ is running fine.
DAST (Dynamic Application Security Testing, by GitLab) has detected a vulnerability (marked as High)
stating “Cloud Metadata Potentially Exposed”.
The detailed description is as follows:
The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure. All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.

* **Severity:** High
* **Scan Type:** dast
* **Scanner:** OWASP Zed Attack Proxy (ZAP)
* **Method:** `GET`
* **Evidence:** Based on the successful response status code cloud metadata may have been returned in the response. Check the response data to see if any cloud metadata has been returned. The meta data returned can include information that would allow an attacker to completely compromise the system.

**Solution:** Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
I am using an AWS Load Balancer to access the SQ service by endpoint.
Here, I am not using any external Apache/Nginx web server for hosting the SQ service.
As far as I know, the SQ installation zip comes with a web server configuration as well. Please correct me if my understanding is not correct.
Please help to resolve the issue.