coturn is vulnerable to authorization bypass. An attacker is able to bypass validation to connect and relay packets to the loopback address.
github.com/coturn/coturn/blob/57180ab60afcaeb13537e69ae8cb8aefd8f3f546/ChangeLog#L48
github.com/coturn/coturn/commit/abfe1fd08d78baa0947d17dac0f7411c3d948e4d
github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
lists.fedoraproject.org/archives/list/[email protected]/message/G54UIUFTEC6RLPOISMB6FUW7456SBZC4/
lists.fedoraproject.org/archives/list/[email protected]/message/M4CJOPAQT43MYAFU3UROGLEXN3Z6RS4H/
security-tracker.debian.org/tracker/CVE-2020-26262
ubuntu.com/security/CVE-2020-26262