CVE-2026-42864: FireFighter's Jira Bot Endpoint Allows Unauthorized Access to AWS Credentials

GHSA-fqvv-jvhr-g5jc CVE-2026-42864
Summary

An attacker can exploit a server-side request forgery (SSRF) weakness in FireFighter's Jira bot endpoint to steal sensitive AWS credentials. The endpoint requires no authentication, so anyone who can reach the FireFighter server over the network can trigger it. To protect against this, make sure you are running the latest version of FireFighter (0.0.54 or later) and ensure that your AWS environment is properly configured to prevent unauthorized access to credentials.

What to do
  • Update firefighter-incident to version 0.0.54.
Affected software

| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | | firefighter-incident | < 0.0.54 |

Fix: upgrade to 0.0.54
Original title
FireFighter has unauthenticated SSRF in its Raid jira_bot endpoint that allows IAM credential theft
Original description
### Impact
The `POST /api/v2/firefighter/raid/jira_bot` endpoint (`CreateJiraBotView`) is
reachable without authentication (`permission_classes = [permissions.AllowAny]`).
Its `attachments` payload is fetched server-side via `httpx.get()` with no URL
validation, then uploaded as an attachment on the Jira ticket that gets created.

An unauthenticated caller able to reach the ingress can coerce the pod into
fetching arbitrary URLs — including the cloud metadata endpoint at
`http://169.254.169.254/` — and exfiltrate the response as a Jira attachment.

On EC2/EKS deployments that do not enforce IMDSv2, this allows theft of the
temporary AWS credentials attached to the pod's IAM role. The docstring on the
view claims a Bearer token is required, but the code does not enforce it.

Affected code paths:
- `src/firefighter/raid/views/__init__.py` — `CreateJiraBotView`
- `src/firefighter/raid/serializers.py` — `LandbotIssueRequestSerializer.attachments`
- `src/firefighter/raid/client.py` — `RaidJiraClient.add_attachments_to_issue`

### Patches
Fixed in `firefighter-incident` `0.0.54`:
- `CreateJiraBotView` now enforces `BearerTokenAuthentication` + `IsAuthenticated`.
- `attachments` URLs are validated: http(s) scheme only, max 10 URLs, rejection
of any host resolving to a private, loopback, link-local, reserved, multicast
or unspecified IP (IPv4 and IPv6).
- Fixes an unrelated `KeyError('attachments')` surfaced during regression testing.

Users should upgrade to `0.0.54` or later.
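As an added example (not FireFighter's own code), the following Python implements the attachment-URL checks the Patches section lists for 0.0.54: http(s) scheme only, at most 10 URLs, and rejection of any host that resolves to a private, loopback, link-local, reserved, multicast or unspecified address, IPv4 or IPv6. The function names and the injectable `resolve` parameter are assumptions for illustration, not the project's API.

```python
import ipaddress
import socket
from urllib.parse import urlsplit
MAX_ATTACHMENT_URLS = 10  # the limit named in the 0.0.54 fix
ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host: str) -> list:
    """Default resolver: every A/AAAA address the host maps to (live DNS lookup)."""
    return [i[4][0] for i in socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)]

def is_public_address(ip_str: str) -> bool:
    """True only if the address is in none of the classes the fix rejects."""
    ip = ipaddress.ip_address(ip_str)
    # ::ffff:169.254.169.254 must be judged by its embedded IPv4 address
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def check_attachment_url(url: str, resolve=resolve_all) -> "str | None":
    """Return None if the URL may be fetched, else the reason it is rejected."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. unbalanced brackets in an IPv6 literal
        return f"malformed URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme {parts.scheme!r} not allowed"
    if not (host := parts.hostname):  # lower-cased; IPv6 brackets stripped
        return "missing host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: judge it directly
    except ValueError:
        # Hostname (or odd numeric form like 2130706433): judge every address it maps to
        try:
            addrs = resolve(host)
        except (ValueError, OSError) as exc:
            return f"cannot resolve {host!r}: {exc}"
    if not addrs or not all(is_public_address(a) for a in addrs):
        return f"host {host!r} resolves to a non-public address"
    return None

def validate_attachment_urls(urls, resolve=resolve_all) -> list:
    """Check a whole attachments payload; raise ValueError on the first failure."""
    urls = list(urls)
    if len(urls) > MAX_ATTACHMENT_URLS:
        raise ValueError(f"too many attachment URLs: {len(urls)} > {MAX_ATTACHMENT_URLS}")
    for url in urls:
        if (reason := check_attachment_url(url, resolve)) is not None:
            raise ValueError(f"rejected {url!r}: {reason}")
    return urls
```

Checking the resolved address once still leaves a window for a DNS rebinding between check and fetch, so connect to the address that passed validation (or pin the resolver) rather than letting the HTTP client re-resolve the hostname.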

### Workarounds
Until upgrade is possible, any one of the following blocks end-to-end exploitation:
- Restrict ingress access to `/api/v2/firefighter/raid/jira_bot` to trusted
networks only (VPN, internal load balancer).
- Rotate or revoke the Jira API token configured as `RAID_JIRA_API_PASSWORD`;
this breaks `jira.create_issue()` before the vulnerable attachment fetch is
reached (legitimate traffic is also blocked — emergency mitigation only).
- Enforce IMDSv2 with `HttpPutResponseHopLimit=1` on EC2/EKS nodes. This does
not fix the SSRF itself but neutralises the IAM-credential-theft path.

### Resources
- CWE-918: Server-Side Request Forgery
- CWE-306: Missing Authentication for Critical Function
GHSA CVSS 3.1 score: 9.9
Vulnerability type
CWE-306 Missing Authentication for Critical Function
CWE-918 Server-Side Request Forgery (SSRF)
Published: 5 May 2026 · Updated: 28 May 2026 · First seen: 5 May 2026