Lucene search
AtlassianCVELIST:CVE-2017-9506HistoryMay 31, 2017 - 12:00 a.m.
CVE-2017-9506
2017-05-3100:00:00
atlassian
www.cve.org
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
CNA Affected
[
{
"product": "Atlassian OAuth Plugin",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
]References
dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
ecosystem.atlassian.net/browse/OAUTH-344
medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
twitter.com/ankit_anubhav/status/973566620676382721
twitter.com/Zer0Security/status/983529439433777152
Related
atlassian
atlassian
nuclei
nuclei
prion
prion
Server side request forgery (ssrf)
2017-08-23 19:29:00
nessus
nessus
hackerone
hackerone
U.S. Dept Of Defense: Information Disclosure
2018-03-28 19:48:50
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
2018-03-15 03:41:47
osv
osv
CVE-2017-9506
2017-08-23 19:29:00
cve
cve
CVE-2017-9506
2017-08-23 19:29:00
nvd
nvd
CVE-2017-9506
2017-08-23 19:29:00