PYSEC-2026-339 FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
Impact The POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validation, then uploaded as an attachment on the Jira ticket that get...