Lucene search
PRIOn knowledge basePRION:CVE-2017-9506HistoryAug 23, 2017 - 7:29 p.m.
Server side request forgery (ssrf)
2017-08-2319:29:00
PRIOn knowledge base
www.prio-n.com
4
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
References
dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
ecosystem.atlassian.net/browse/OAUTH-344
medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
twitter.com/ankit_anubhav/status/973566620676382721
twitter.com/Zer0Security/status/983529439433777152
Related
atlassian
atlassian
nuclei
nuclei
nessus
nessus
hackerone
hackerone
U.S. Dept Of Defense: Information Disclosure
2018-03-28 19:48:50
U.S. Dept Of Defense: SSRF on █████████ Allowing internal server data access
2018-03-15 03:41:47
osv
osv
CVE-2017-9506
2017-08-23 19:29:00
cvelist
cvelist
CVE-2017-9506
2017-05-31 00:00:00
cve
cve
CVE-2017-9506
2017-08-23 19:29:00
nvd
nvd
CVE-2017-9506
2017-08-23 19:29:00