Google Cloud Apigee Server-Side Request Forgery Vulnerability in SetIntegrationRequest Policy
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Google Cloud Apigee platform, specifically within the SetIntegrationRequest policy. It allows remote attackers to exfiltrate service account access tokens. The issue arises because the IntegrationRegion parameter is not validated: an attacker who can influence the flow variables feeding it can redirect the policy's request, together with the service account token, to a host under their control. The vulnerability affects Apigee and Apigee Hybrid deployments, but only under certain insecure API proxy configurations.
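The root cause above is a region value reaching a hostname without validation. As an added example (not Apigee's code and not part of the advisory), the block below shows the kind of strict allowlist check a proxy author can apply to any region derived from a flow variable before it is used; the region list, the host template and the URL path are assumptions for illustration only.

```python
import re
from urllib.parse import urlsplit

# Shape of a Google Cloud region identifier such as "us-east1": lowercase
# letters, one hyphen, lowercase letters, trailing digits. Dots, slashes,
# "@" and ":" cannot pass, so the value cannot alter the host it is placed in.
REGION_RE = re.compile(r"[a-z]+-[a-z]+[0-9]+")

# Constructed allowlist for this example; a real deployment lists only the
# regions its integrations actually run in.
ALLOWED_REGIONS = frozenset({"us-east1", "us-central1", "europe-west4"})

# Assumed host layout and path, for illustration only; the advisory does not
# state the exact hostname the policy builds from the region.
HOST_TEMPLATE = "{region}-integrations.googleapis.com"
TRUSTED_SUFFIX = ".googleapis.com"
REQUEST_PATH = "/v1/"


def validate_region(region_value: str) -> str:
    """Return the region if it is safe to use; raise ValueError otherwise."""
    if not REGION_RE.fullmatch(region_value):
        raise ValueError(f"region has an unexpected shape: {region_value!r}")
    if region_value not in ALLOWED_REGIONS:
        raise ValueError(f"region is not in the allowlist: {region_value!r}")
    return region_value


def is_safe_region(region_value: str) -> bool:
    """Boolean wrapper around validate_region for use in a policy condition."""
    try:
        validate_region(region_value)
    except ValueError:
        return False
    return True


def endpoint_url(region_value: str) -> str:
    """Validate first, build the URL, then re-check the parsed host as a
    second guard before any bearer token is attached to the request."""
    host = HOST_TEMPLATE.format(region=validate_region(region_value))
    url = f"https://{host}{REQUEST_PATH}"
    parsed_host = urlsplit(url).hostname or ""
    if not parsed_host.endswith(TRUSTED_SUFFIX):
        raise ValueError(f"refusing to send credentials to {parsed_host!r}")
    return url
```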
Impact
Exploitation of this vulnerability could lead to unauthorized access to service account tokens, which could be misused to access resources or perform actions on behalf of the service account.
Remediation
For Apigee users, no action is required as vulnerability fixes have been applied to the latest release. Apigee Hybrid customers must upgrade to one of the following security patch releases: 1.14.4, 1.15.2, or 1.16.1.