The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html - Exploit, Third Party Advisory | |
References | () https://ecosystem.atlassian.net/browse/OAUTH-344 - Issue Tracking, Vendor Advisory | |
References | () https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3 - Broken Link, Third Party Advisory | |
References | () https://twitter.com/Zer0Security/status/983529439433777152 - Exploit, Third Party Advisory | |
References | () https://twitter.com/ankit_anubhav/status/973566620676382721 - Exploit, Third Party Advisory |
Information
Published : 2017-08-23 19:29
Updated : 2024-11-21 03:36
NVD link : CVE-2017-9506
Mitre link : CVE-2017-9506
CVE.ORG link : CVE-2017-9506
JSON object : View
Products Affected
atlassian
- oauth
CWE
CWE-918
Server-Side Request Forgery (SSRF)