3 matches found
8x8 Bounty: Open TURN relay abuse is possible due to lack of peer access control (Critical)
NOTE: This is not an SSRF vulnerability but an open TURN relay vulnerability. Typically, this security vulnerability has at least the same impact as an SSRF. However, it is considered more useful from an attacker's point of view since attacks are not restricted to HTTP. - Affects: - █████:443 -...
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
Summary: An endpoint on ██████ allows internal access to the network, thus revealing sensitive data and allowing internal tunneling. Description: The OAuth plugin allows you to provide a URL that gives a snapshot of the web page. We can pass internal URLs and conduct SSRF. Impact: Critical...
Ping Identity: Server-Side Request Forgery on SAML Application - Import via URL
Summary: The My Applications feature on PingOne Identity admin allows you to add new SAML applications to your account. One feature allows you to import metadata via URI instead of via upload. This uses Java 1.8 to make an external web request to the URI supplied. Typically this is hard to...