The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.
CPE | Name | Operator | Version |
---|---|---|---|
jira server and data center | lt | 7.6.1 | |
jira server and data center | le | 7.4.2 | |
jira server and data center | lt | 7.7.0 |