Internal SSRF bypass using slash commands at api.slack.com
Medium
S
Slack
Submitted None
Team Summary
Official summary from Slack
@albatraoz found a bypass to report #61312, allowing information leakage via SSRF in Slash commands. We fixed the vulnerability and performed a through investigation. Thanks @albatraoz!
Actions:
Reported by
albatraoz
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)