CVE-2026-42864
FireFighter · FireFighter Incident Management
FireFighter incident management application contains an unauthenticated SSRF vulnerability that can lead to the theft of AWS IAM credentials.
Executive summary
An unauthenticated attacker can exploit an SSRF vulnerability in the FireFighter API to exfiltrate sensitive AWS IAM credentials from the underlying infrastructure.
Vulnerability
This is a Server-Side Request Forgery (SSRF) vulnerability in the /api/v2/firefighter/raid/jira_bot endpoint. An unauthenticated attacker can cause the application to fetch an attacker-supplied URL. On AWS hosts where the instance metadata service (IMDS, 169.254.169.254) still answers IMDSv1 requests, a forged request to the metadata endpoint returns the temporary credentials of the instance's IAM role, and those credentials are then usable from anywhere the attacker chooses.
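The two halves of the problem in code, as an added example that is not FireFighter's own code: `fetch_unchecked` is the hypothetical vulnerable pattern the advisory describes (a caller-supplied URL fetched as-is), and `is_safe_url`/`fetch_guarded` is one hardened form that resolves the host, refuses any non-public address (including the metadata service and IPv4-mapped forms of it) and refuses to follow redirects. The hostnames and the fake resolver used for offline checking are assumptions.

```python
"""Illustrative SSRF guard (added example; not FireFighter's code)."""
import ipaddress
import socket
import urllib.request
from typing import Callable, Iterable
from urllib.parse import urlparse

# Constructed list of metadata-service addresses, named so the reader sees
# them; every non-global address is refused anyway.
METADATA_HOSTS = {"169.254.169.254", "fd00:ec2::254"}

Resolver = Callable[[str], Iterable[str]]


def _resolve(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer for the host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_url(url: str, resolve: Resolver = _resolve) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only for http(s) URLs whose host
    resolves exclusively to public unicast addresses."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme {parsed.scheme!r} not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host"
    if parsed.username or parsed.password:
        return False, "credentials in URL"
    try:
        # Literal IP (urlparse strips the [] from IPv6 literals).
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        # Hostname, or an odd numeric form such as "2852039166": let the
        # resolver normalise it and check what it actually maps to.
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"resolution failed: {exc}"
        if not addrs:
            return False, "no addresses"
    for addr in addrs:
        # "::ffff:169.254.169.254" is IPv4-mapped; check the inner IPv4.
        if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if str(addr) in METADATA_HOSTS or not addr.is_global:
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


def fetch_unchecked(url: str) -> bytes:
    """VULNERABLE pattern: fetches whatever the caller supplied and follows
    redirects, so http://169.254.169.254/... hands back role credentials."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read()


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urlopen raises HTTPError on 3xx instead of following


def fetch_guarded(url: str, timeout: float = 5.0) -> bytes:
    """Hardened form: validate first, never follow a redirect (a public host
    could otherwise bounce the request to the metadata service)."""
    ok, why = is_safe_url(url)
    if not ok:
        raise ValueError(f"refusing to fetch {url}: {why}")
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()
```

The check-then-fetch split still leaves a DNS rebinding window (the name can resolve to a public address during validation and to 169.254.169.254 a moment later); a complete fix connects to the address that was validated rather than resolving the name a second time.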
Business impact
The impact of this vulnerability is critical: the stolen credentials carry every permission granted to the application's IAM role, and the attacker can use them from their own infrastructure without touching the application again. With a CVSS score of 9.9, this vulnerability can lead to full compromise of the cloud environment and any data residing within, the blast radius being bounded only by how tightly that role's policy is scoped.
Remediation
Immediate Action: Update FireFighter to version 0.0.54 or later.
Proactive Monitoring: Monitor AWS CloudTrail for API calls made with the application's IAM role from source addresses other than the instance's own egress addresses, or for actions the application never performs. Amazon GuardDuty's UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS and .InsideAWS findings cover the case where instance-role credentials are used away from the instance they were issued to.
Compensating Controls: Require IMDSv2 on all EC2 instances and EKS nodes (HttpTokens set to required, which disables IMDSv1). IMDSv2 needs a PUT request to obtain a session token and that token in a header on every metadata request, so an SSRF primitive that can only issue GETs cannot reach the credentials. Setting the PUT response hop limit to 1 additionally stops the token from crossing a further network hop, such as a container's bridged network namespace, which is appropriate where workloads receive credentials through IRSA or Pod Identity rather than the node role. This only limits the blast radius: the SSRF itself remains until the application is updated and can still reach other internal services.
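The monitoring item above, as detection logic run over sample CloudTrail records (an added example, not part of the advisory or of FireFighter). It flags calls made with the application's instance-role credentials from a source IP outside the known egress range, and calls whose session was issued through IMDSv1 (CloudTrail's sessionContext.ec2RoleDelivery field is "1.0" for IMDSv1 and "2.0" for IMDSv2), which shows IMDSv2 enforcement is not in effect. The role name FireFighterAppRole, the egress range, and the log records are constructed for the example.

```python
"""CloudTrail detection for stolen instance-role credentials (added example)."""
import ipaddress
import json

APP_ROLE = "FireFighterAppRole"  # assumed role name for the example
# Assumed NAT gateway / egress range of the instances running the app.
KNOWN_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed CloudTrail log file: one legitimate call, one call with the
# same role from an outside IP via IMDSv1 credentials, one unrelated role.
SAMPLE_LOG = json.loads("""
{"Records": [
 {"eventTime": "2026-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "203.0.113.17",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::123456789012:assumed-role/FireFighterAppRole/i-0123456789abcdef0",
   "sessionContext": {"ec2RoleDelivery": "2.0"}}},
 {"eventTime": "2026-05-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "ListRoles", "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::123456789012:assumed-role/FireFighterAppRole/i-0123456789abcdef0",
   "sessionContext": {"ec2RoleDelivery": "1.0"}}},
 {"eventTime": "2026-05-01T10:06:00Z", "eventSource": "sts.amazonaws.com",
  "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::123456789012:assumed-role/SomeOtherRole/session1",
   "sessionContext": {"ec2RoleDelivery": "1.0"}}}
]}
""")["Records"]


def app_role_session(event):
    """Return (role, session) if the event was made with APP_ROLE, else None.
    Assumed-role ARNs look like arn:aws:sts::<acct>:assumed-role/<Role>/<Session>."""
    ident = event.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return None
    parts = ident.get("arn", "").split(":assumed-role/")
    if len(parts) != 2:
        return None
    role, _, session = parts[1].partition("/")
    return (role, session) if role == APP_ROLE else None


def classify(event):
    """List of finding strings for one event (empty when nothing is wrong)."""
    if app_role_session(event) is None:
        return []
    findings = []
    src = event.get("sourceIPAddress", "")
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        ip = None  # service-originated calls carry a DNS name here
    if ip is not None and not any(ip in net for net in KNOWN_EGRESS):
        findings.append(f"role credentials used from unexpected IP {src}")
    delivery = event.get("userIdentity", {}).get("sessionContext", {}).get("ec2RoleDelivery")
    if delivery == "1.0":
        findings.append("credentials obtained via IMDSv1")
    return findings


def scan(records):
    """(eventTime, eventName, sourceIPAddress, finding) for every hit."""
    return [
        (ev["eventTime"], ev["eventName"], ev["sourceIPAddress"], f)
        for ev in records
        for f in classify(ev)
    ]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep="  ")
```

On the sample log only the ListRoles call is flagged, twice: once for the outside source address and once because its session was delivered by IMDSv1. In production the same logic belongs in the SIEM or an Athena query over the CloudTrail bucket, with the egress range taken from the VPC's NAT gateway addresses rather than hard-coded.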
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is extremely severe. Immediate patching is required, and administrators must simultaneously verify that IMDSv2 is strictly enforced across their cloud infrastructure to prevent credential exfiltration.