The fix(es) for CVE-2022-0767 & CVE-2022-0766 only address loopback/localhost IP addresses, this is an issue as other internal endpoints may be accessible to an attacker (one of the most popular examples is 169.254.169.254
which is the AWS metadata address)
The same as either of the previous reports except the IP address being used should be an internal (but not local/loopback) address (e.g., the aforementioned 169.254.169.254
.
This vulnerability is capable of allowing attackers to interact with devices (or applications) running on the same network as the targeted server.