The VerifyPopServerConnection resource was vulnerable to SSRF - CVE-2018-13404

2018-12-0302:58:19

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

32.0%

JSON

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

CPENameOperatorVersion
jira server and data centerlt7.6.10
jira server and data centerle7.11.0
jira server and data centerlt7.12.3
jira server and data centerlt7.7.5
jira server and data centerlt7.11.3
jira server and data centerlt8.0.0
jira server and data centerlt7.8.5
jira server and data centerlt7.10.3
jira server and data centerlt7.13.1
jira server and data centerlt7.9.3

Name	Operator	Version
jira server and data center	lt	7.6.10
jira server and data center	le	7.11.0
jira server and data center	lt	7.12.3
jira server and data center	lt	7.7.5
jira server and data center	lt	7.11.3
jira server and data center	lt	8.0.0
jira server and data center	lt	7.8.5
jira server and data center	lt	7.10.3
jira server and data center	lt	7.13.1
jira server and data center	lt	7.9.3

0.001 Low

EPSS

Percentile

32.0%

JSON

Related for ATLASSIAN:JRASERVER-68527