Security Bulletin: SSRF Protection Configuration Vulnerability
Summary A configuration vulnerability was identified where SSRF Server-Side Request Forgery protection could be disabled through default settings, potentially allowing authenticated users to make the server fetch arbitrary URLs including cloud metadata endpoints 169.254.169.254, internal services...