Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
atlassian[email protected]CWD-4883
HistoryMar 21, 2017 - 8:59 p.m.

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

2017-03-2120:59:01
[email protected]
jira.atlassian.com
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 .

Affected configurations

Vulners
Node
atlassiancrowdRange2.9.5
OR
atlassiancrowdRange2.10.2
OR
atlassiancrowdRange2.11.1
OR
atlassiancrowdRange<2.11.2
OR
atlassiancrowdRange<2.12.0

Related

atlassian 7
nuclei 1
prion 1
nessus 7
hackerone 2
osv 1
cvelist 1
cve 1
nvd 1
atlassian
atlassian
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
2017-03-21 20:59:01
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
2017-08-30 02:06:34
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
2017-08-30 02:12:37
nuclei
nuclei
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
2020-04-04 18:19:48
prion
prion
Server side request forgery (ssrf)
2017-08-23 19:29:00
nessus
nessus
Atlassian Crucible < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
2018-06-28 00:00:00
Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
2018-06-28 00:00:00
Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied
2018-06-28 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Information Disclosure
2018-03-28 19:48:50
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
2018-03-15 03:41:47
osv
osv
CVE-2017-9506
2017-08-23 19:29:00
cvelist
cvelist
CVE-2017-9506
2017-05-31 00:00:00
cve
cve
CVE-2017-9506
2017-08-23 19:29:00
nvd
nvd
CVE-2017-9506
2017-08-23 19:29:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON
Related for CWD-4883
atlassian7nuclei1prion1nessus7hackerone2osv1cvelist1cve1nvd1