| Rule General Information | |
|---|---|
| Release Date: | 2021-03-30 |
| Rule Name: | Jira SSRF Vulnerability (CVE-2017-9506) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). |
| Impact: | An attacker could exploit this vulnerability to unspecified effect. |
| Affected OS: | Windows, Linux, Others |
| Reference: | http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html https://ecosystem.atlassian.net/browse/OAUTH-344 https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 https://twitter.com/Zer0Security/status/983529439433777152 |


| Solutions |
|---|
| The vendor has released upgrade patches that fix the vulnerability. Please visit: https://ecosystem.atlassian.net/browse/OAUTH-344 |