S-001 - Reverse Proxy Misconfiguration Leading to Service Compromise
Purpose
Model how a misconfiguration in the reverse proxy could expose internal services or allow unintended access paths.
Target Asset / Capability
Threat Source
- External attacker
Scenario Description
An attacker exploits a misconfiguration in the reverse proxy to access unintended backend services or bypass expected access restrictions.
Attack / Failure Path
- Attacker scans exposed HTTP/HTTPS services
- Identifies misconfigured routing or exposed endpoint
- Accesses unintended backend (e.g. Gitea interface or API)
- Exploits weak access control or exposed functionality
- Gains unauthorized access or extracts data
Exposure Conditions
- Misconfigured routing rules
- Lack of strict access control at proxy level
- Absence of request filtering (WAF)
- Co-location of multiple services on the same host
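
Added example (not part of the original scenario entry): a small offline audit that checks a proxy route table for the exposure conditions listed above, namely a catch-all route, a host forwarding to an unapproved co-located backend, and a sensitive prefix with no proxy-level access control. The route model, hostnames, ports and sensitive prefixes are constructed assumptions and do not follow any specific proxy's configuration format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    host: str      # Host header matched; "*" is the default (catch-all) virtual host
    path: str      # path prefix matched
    backend: str   # upstream that receives the request
    auth: bool     # True if the proxy itself enforces access control on this route

# Constructed sample data: hostnames, ports and prefixes are placeholders.
INTENDED = {"git.example.test": "gitea:3000"}   # approved host -> backend mapping
SENSITIVE_PREFIXES = ("/api", "/admin")         # assumed; adapt per service
ROUTES = [
    Route("git.example.test", "/", "gitea:3000", auth=False),
    Route("git.example.test", "/api", "gitea:3000", auth=False),
    Route("git.example.test", "/metrics", "monitor:9090", auth=False),
    Route("*", "/", "ci:8080", auth=False),     # default vhost reaches a co-located service
]

def resolve(routes, host, path):
    """Route a request would hit: exact host beats "*", then longest path prefix."""
    hits = [r for r in routes if r.host in (host, "*") and path.startswith(r.path)]
    return max(hits, key=lambda r: (r.host != "*", len(r.path)), default=None)

def audit(routes, intended):
    """Return (finding, route) pairs for routes that widen the intended exposure."""
    findings = []
    for r in routes:
        if r.host == "*":
            findings.append(("catch-all host forwards to a backend", r))
        elif intended.get(r.host) != r.backend:
            findings.append(("host forwards to unapproved backend", r))
        if not r.auth and r.path.startswith(SENSITIVE_PREFIXES):
            findings.append(("sensitive prefix without proxy-level access control", r))
    return findings

if __name__ == "__main__":
    for finding, route in audit(ROUTES, INTENDED):
        print(f"{finding}: {route.host}{route.path} -> {route.backend}")
    # A request with an unrecognised Host header should match no route at all.
    print(resolve(ROUTES, "unknown.example.test", "/"))
```
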
Potential Impacts
- Unauthorized access to internal services
- Exposure of code repositories or configuration
- Pivot to other systems via credentials or CI/CD
Existing Safeguards
- HTTPS enforced
- Limited exposed ports
- Basic reverse proxy configuration
Residual Concerns
- No advanced filtering (WAF)
- Shared environment increases blast radius
Related Risk Entry
Owner / Review Role
- Security Role (Sec)