/

Atlassian OAuth Plugin

/

Copy link to issue

summary

The icon-uri servlet allows arbitrary HTTP requests to be proxied - CVE-2017-9506

Description

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw can used to access to a metadata resource that provides access credentials and other potentially confidential information.

Environment

Environment

None

Testing Notes

Testing Notes

None

Activity

Show:

David Black

May 30, 2017, 11:58 PM

Copy link to comment

CVSS v3 score: 6.1 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	Low
Availability	None

Vincent Kopa - Ovyka

November 13, 2020, 4:49 PM

Copy link to comment

Hello, is there a version matrix for this component VS Jira & Confluence versions ?

David Black

November 15, 2020, 11:05 PM

Copy link to comment

Hi ,
Are you perhaps looking for https://jira.atlassian.com/browse/CONFSERVER-53362 & https://jira.atlassian.com/browse/JRASERVER-65862 ?

Vincent Kopa - Ovyka

November 16, 2020, 12:02 AM

Copy link to comment

Hi David, thanks a lot, the “new view” in Jira Cloud doesn’t show external links yet…

Fixed

Assignee

Assignee

Petro Semeniuk

Reporter

Reporter

David Black

Labels

Labels

advisory-released

Add-on Type

Add-on Type

None

Team

Team

None

CC

CC

None

Risk factor

Risk factor

None

QA Kickoff Status

QA Kickoff Status

None

QA Demo Status

QA Demo Status

None

Fix versions

Fix versions

Affects versions

Affects versions

Priority

Priority

Major