The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

2017-03-21T20:59:01
ID ATLASSIAN:CWD-4883
Type atlassian
Reporter rgallagher@atlassian.com
Modified 2019-08-19T08:01:07

Description

The bundled version of the Atlassian OAuth plugin was vulnerable to Server-Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344.