Uber: Full read SSRF in flyte-poc-us-east4.uberinternal.com

Uber summary TBD. @shubs and I discovered an instance of Flyte Console on uberinternal.com. After auditing the open source code, we noticed an unauthenticated route for a “CORS proxy”. This was a classic server-side request forgery issue, allowing us to pass an arbitrary request to be performed b...