GitLab: Unauthenticated blind SSRF in OAuth Jira authorization controller
The Oauth::Jira::AuthorizationsControlleraccesstoken endpoint is vulnerable to a blind SSRF vulnerability. The vulnerability allows an attacker to make arbitrary HTTP/HTTPS requests inside a GitLab instance's network. Proof of concept To reproduce the vulnerability, follow the steps below. - spin...