14 matches found
VulnCheck KEV: CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this...
Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue bu...
CVE-2017-9506
creationtimestamp| type| source
---|---|---
2018-04-30 16:18:43+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/1435
2024-03-18 07:23:33+00:00| published-proof-of-concept| https://t.me/lostsec/164
2025-04-13 12:04:46+00:00| seen|...
The bundled Atlassian Activity Streams plugin had Improper Access control inside several REST inline action resources - CVE-2017-9506
The version of the bundled Atlassian Activity Streams plugin was vulnerable to Improper Access control. This allowed remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an...
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
CVE-2017-9506
CVE-2017-9506 affects Atlassian Jira/Confluence/etc. OAuth Plugin IconUriServlet. Versions 1.3.0–1.9.11 and 2.0.0–2.0.3 are vulnerable to SSRF and cross-site scripting via the IconUriServlet, enabling access to internal network resources and potential CSRF-style effects. The issue is fixed in 1.9...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344...
The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or an SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344...