Impact
The POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is
reachable without authentication (permission_classes = [permissions.AllowAny]).
Its attachments payload is fetched server-side via httpx.get() with no URL
validation, then uploaded as an attachment on the Jira ticket that gets created.
An unauthenticated caller able to reach the ingress can coerce the pod into
fetching arbitrary URLs — including the cloud metadata endpoint at
http://169.254.169.254/ — and exfiltrate the response as a Jira attachment.
On EC2/EKS deployments that do not enforce IMDSv2, this allows theft of the
temporary AWS credentials attached to the pod's IAM role. The docstring on the
view claims a Bearer token is required, but the code does not enforce it.
Affected code paths:
src/firefighter/raid/views/__init__.py — CreateJiraBotViewsrc/firefighter/raid/serializers.py — LandbotIssueRequestSerializer.attachmentssrc/firefighter/raid/client.py — RaidJiraClient.add_attachments_to_issue
Patches
Fixed in firefighter-incident 0.0.54:
CreateJiraBotView now enforces BearerTokenAuthentication + IsAuthenticated.attachments URLs are validated: http(s) scheme only, max 10 URLs, rejection
of any host resolving to a private, loopback, link-local, reserved, multicast
or unspecified IP (IPv4 and IPv6).- Fixes an unrelated
KeyError('attachments') surfaced during regression testing.
Users should upgrade to 0.0.54 or later.
Workarounds
Until upgrade is possible, any one of the following blocks end-to-end exploitation:
- Restrict ingress access to
/api/v2/firefighter/raid/jira_bot to trusted
networks only (VPN, internal load balancer).
- Rotate or revoke the Jira API token configured as
RAID_JIRA_API_PASSWORD;
this breaks jira.create_issue() before the vulnerable attachment fetch is
reached (legitimate traffic is also blocked — emergency mitigation only).
- Enforce IMDSv2 with
HttpPutResponseHopLimit=1 on EC2/EKS nodes. This does
not fix the SSRF itself but neutralises the IAM-credential-theft path.
References
- CWE-918: Server-Side Request Forgery
- CWE-306: Missing Authentication for Critical Function
Impact
The
POST /api/v2/firefighter/raid/jira_botendpoint (CreateJiraBotView) isreachable without authentication (
permission_classes = [permissions.AllowAny]).Its
attachmentspayload is fetched server-side viahttpx.get()with no URLvalidation, then uploaded as an attachment on the Jira ticket that gets created.
An unauthenticated caller able to reach the ingress can coerce the pod into
fetching arbitrary URLs — including the cloud metadata endpoint at
http://169.254.169.254/— and exfiltrate the response as a Jira attachment.On EC2/EKS deployments that do not enforce IMDSv2, this allows theft of the
temporary AWS credentials attached to the pod's IAM role. The docstring on the
view claims a Bearer token is required, but the code does not enforce it.
Affected code paths:
src/firefighter/raid/views/__init__.py—CreateJiraBotViewsrc/firefighter/raid/serializers.py—LandbotIssueRequestSerializer.attachmentssrc/firefighter/raid/client.py—RaidJiraClient.add_attachments_to_issuePatches
Fixed in
firefighter-incident0.0.54:CreateJiraBotViewnow enforcesBearerTokenAuthentication+IsAuthenticated.attachmentsURLs are validated: http(s) scheme only, max 10 URLs, rejectionof any host resolving to a private, loopback, link-local, reserved, multicast
or unspecified IP (IPv4 and IPv6).
KeyError('attachments')surfaced during regression testing.Users should upgrade to
0.0.54or later.Workarounds
Until upgrade is possible, any one of the following blocks end-to-end exploitation:
/api/v2/firefighter/raid/jira_botto trustednetworks only (VPN, internal load balancer).
RAID_JIRA_API_PASSWORD;this breaks
jira.create_issue()before the vulnerable attachment fetch isreached (legitimate traffic is also blocked — emergency mitigation only).
HttpPutResponseHopLimit=1on EC2/EKS nodes. This doesnot fix the SSRF itself but neutralises the IAM-credential-theft path.
References