SSRF Private Program 2025-09-01
SSRF via PDF Generator to Internal Services
Severity: Critical | Status: Resolved
Summary
The PDF export feature rendered user-controlled HTML in a headless browser that followed HTTP redirects without restricting the destination host, so a crafted document could make the renderer request internal services (SSRF), including the cloud instance metadata endpoint.
Proof of Concept
<iframe src="http://169.254.169.254/latest/meta-data/iam/security-credentials/">
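The fix side of this finding, as an added example that is not the vendor's code: a Python allow-check for the renderer's outgoing requests that refuses private, loopback and link-local destinations (including 169.254.169.254 from the proof of concept) and, since the summary names redirect following as the cause, disables automatic redirects and re-validates every hop before it is fetched. It assumes the headless browser exposes request interception and a fetch that does not follow redirects on its own (both `fetch` and `resolver` are injectable below); the hostnames, addresses and HTTP responses are constructed for the demo.

```python
# Added example (not the vendor's code): egress check for a PDF renderer.
# Assumes the browser lets us intercept requests and disable auto-redirects.
import ipaddress
import socket
from urllib.parse import urlsplit, urljoin

# Address ranges the renderer must never reach. 169.254.0.0/16 covers the
# instance metadata service targeted in the proof of concept.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]
MAX_REDIRECTS = 5

def ip_is_blocked(ip):
    """True if ip is in a blocked range. IPv4-mapped IPv6 is unwrapped first so
    http://[::ffff:169.254.169.254]/ cannot slip past the IPv4 list."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

def default_resolver(host):
    """All addresses (A and AAAA) for host, via the OS resolver so odd literals
    such as http://2130706433/ are normalised the same way the browser does."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]

def check_url(url, resolver=default_resolver):
    """Decide whether one URL may be fetched. Returns (allowed, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "userinfo in URL not allowed"
    addrs = resolver(parts.hostname)
    if not addrs:
        return False, f"{parts.hostname} did not resolve"
    # Every record must pass: a name with one public and one internal record
    # is rejected instead of trusting whichever address the browser picks.
    for ip in addrs:
        if ip_is_blocked(ip):
            return False, f"{parts.hostname} resolves to blocked address {ip}"
    return True, "ok"

def fetch_with_checks(url, fetch, resolver=default_resolver):
    """Fetch with redirects disabled, re-running check_url on every hop.
    fetch(url) must return (status, headers, body) without following redirects.
    Returns a dict with the outcome and the chain of URLs that were checked."""
    chain = []
    for _ in range(MAX_REDIRECTS + 1):
        chain.append(url)
        allowed, reason = check_url(url, resolver)
        if not allowed:
            return {"ok": False, "reason": reason, "chain": chain}
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308):
            location = headers.get("Location")
            if not location:
                return {"ok": False, "reason": "redirect without Location", "chain": chain}
            url = urljoin(url, location)  # relative Location values are resolved
            continue
        return {"ok": True, "status": status, "body": body, "chain": chain}
    return {"ok": False, "reason": "too many redirects", "chain": chain}

# Constructed stand-ins for DNS and the renderer's HTTP stack so this runs
# offline; every hostname, address and response here is invented for the demo.
FAKE_DNS = {
    "cdn.example.com": ["203.0.113.10"],
    "bounce.example.net": ["198.51.100.7"],
    "rebind.example.net": ["198.51.100.8", "169.254.169.254"],
}
FAKE_HTTP = {
    "http://cdn.example.com/logo.png": (200, {}, b"\x89PNG stub"),
    # External host answering with a redirect into the metadata service,
    # the pattern the report's summary describes.
    "http://bounce.example.net/img.png": (
        302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
}

def stub_resolver(host):
    try:
        return [ipaddress.ip_address(host)]  # IP literal used directly in the URL
    except ValueError:
        return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]

def stub_fetch(url):
    return FAKE_HTTP.get(url, (404, {}, b""))

if __name__ == "__main__":
    for u in ("http://cdn.example.com/logo.png", "http://bounce.example.net/img.png",
              "http://[::ffff:169.254.169.254]/", "http://rebind.example.net/"):
        print(u, "->", fetch_with_checks(u, stub_fetch, stub_resolver))
```

Two caveats worth keeping in mind when wiring this into a real renderer. First, the check resolves the name and then the browser resolves it again, which leaves a DNS-rebinding window; closing it means pinning the connection to the address that was checked or, more simply, running the renderer in a network segment with no route to internal services or the metadata endpoint. Second, the host check is an application-layer control and should sit alongside platform ones such as requiring IMDSv2 with a hop limit of 1, so a single missed URL form does not reopen the original impact.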
Impact
AWS IAM credentials were exposed through the instance metadata service, creating the potential for full compromise of the cloud infrastructure.
Responsible Disclosure
This vulnerability was reported responsibly and fixed by the vendor before public disclosure.