Lucene search
GoogleOSV:CVE-2017-9506HistoryAug 23, 2017 - 7:29 p.m.
CVE-2017-9506
2017-08-2319:29:00
Google
osv.dev
6
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
References
dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
ecosystem.atlassian.net/browse/OAUTH-344
medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
twitter.com/ankit_anubhav/status/973566620676382721
twitter.com/Zer0Security/status/983529439433777152
Related
atlassian
atlassian
nuclei
nuclei
prion
prion
Server side request forgery (ssrf)
2017-08-23 19:29:00
nessus
nessus
hackerone
hackerone
U.S. Dept Of Defense: Information Disclosure
2018-03-28 19:48:50
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
2018-03-15 03:41:47
cvelist
cvelist
CVE-2017-9506
2017-05-31 00:00:00
cve
cve
CVE-2017-9506
2017-08-23 19:29:00
nvd
nvd
CVE-2017-9506
2017-08-23 19:29:00