7 matches found
The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software allows an attacker to execute an SSRF attack.
The vulnerability of the application programming interface of the Discourse-jira plugin for the Discourse mailing list management software is related to the implementation of an incorrect control flow. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2023-44384
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discourse_jira_verbose_log site setting. A moderator user cou...
Server-side request forgery (SSRF)
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discourse_jira_verbose_log site setting. A moderator user cou...
CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discourse_jira_verbose_log site setting. A moderator user cou...
CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discourse_jira_verbose_log site setting. A moderator user cou...
CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discourse_jira_verbose_log site setting. A moderator user cou...
CVE-2023-44384
The CVE-2023-44384 entry concerns the Discourse-jira plugin for Discourse. According to connected sources (Red Hat advisory, NVD/NVD-derived summaries, and other feeds), exploitation stems from an SSRF via the Jira URL when the discourse_jira_verbose_log site setting is enabled. An administrator ...