A security researcher has discovered a severe vulnerability in StackStorm, aka “IFTTT for Ops,” a powerful event-driven automation tool. The vulnerability resides in the way the StackStorm REST API improperly handled CORS (cross-origin resource sharing) headers. To exploit this vulnerability, an attacker simply needs to send a maliciously-crafted link to a victim, allowing it to “read/update/create actions and workflows, get internal IPs and execute a command on each machine”
Source: https://thehackernews.com/2019/03/stackstorm-security-vulnerability.html