Attacker with SSRF ability can reset system user password
Affected product(s)
- Gradle Enterprise 2020.4 - 2021.1.2
Severity
High
Published at
2021-05-31
Related CVE ID(s)
Description
An attacker with the ability to perform Server-Side Request Forgery (SSRF) can potentially reset the system user password, allowing access as the system user. The attacker must first find and use an SSRF vulnerability within the application, then discover the unadvertised address of the HTTP endpoint that is only accessible from the server side.
As of 2021.1.3, the endpoint in question requires extra access credentials.
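The trust pattern described above, as an added example that is not Gradle Enterprise code: a simplified model that assumes the endpoint was gated only by being reachable from the server side, next to a check that also requires a credential. The `Request` type, the `X-Internal-Token` header and all sample values are hypothetical.

```python
import hmac
import ipaddress
from dataclasses import dataclass, field

TOKEN_HEADER = "X-Internal-Token"  # hypothetical header name

@dataclass
class Request:
    peer_addr: str  # TCP peer address as seen by the server
    headers: dict = field(default_factory=dict)

def is_server_side(peer_addr: str) -> bool:
    """True when the connection comes from the host itself (loopback)."""
    try:
        return ipaddress.ip_address(peer_addr).is_loopback
    except ValueError:
        return False  # unparsable peer address: treat as remote

def allow_by_locality(req: Request) -> bool:
    """Assumed pre-fix pattern: network position is the only gate."""
    return is_server_side(req.peer_addr)

def allow_with_credential(req: Request, expected: str) -> bool:
    """Hardened pattern: locality plus a secret the caller must present."""
    if not expected:  # fail closed when no credential is configured
        return False
    if not is_server_side(req.peer_addr):
        return False
    presented = req.headers.get(TOKEN_HEADER, "")
    return hmac.compare_digest(presented.encode(), expected.encode())

# Constructed sample requests (not captured traffic).
TOKEN = "constructed-example-token"
SAMPLES = {
    "forged_via_ssrf": Request("127.0.0.1"),  # sent by the app itself, no secret
    "trusted_caller": Request("127.0.0.1", {TOKEN_HEADER: TOKEN}),
    "external": Request("203.0.113.7", {TOKEN_HEADER: TOKEN}),
}

def evaluate() -> dict:
    """Map sample name -> (locality-only decision, credential decision)."""
    return {name: (allow_by_locality(r), allow_with_credential(r, TOKEN))
            for name, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, decisions in evaluate().items():
        print(name, decisions)
```

A request that the application is induced to send to itself arrives from a loopback peer, so the locality-only check accepts it while the credential check rejects it.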
Mitigation
Upgrade to Gradle Enterprise 2021.1.3.