9 matches found
Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the...
Atlassian Crucible < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version, the installation of Atlassian Crucible running on the remote host is prior to 4.3.2. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue b...
Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue bu...
Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this...
Atlassian Crowd < 2.11.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
The version of Atlassian Crowd installed on the remote host is prior to 2.11.2. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application...
Atlassian Jira < 7.2.15 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 7.2.15. It is, therefore, affected by an internal network resource disclosure CSRF vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this iss...
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
CVE-2017-9506
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)...
CVE-2017-9506
CVE-2017-9506 affects Atlassian OAuth Plugin IconUriServlet across multiple Atlassian products (e.g., Jira, Confluence, Crowd, Bamboo, FishEye, Crucible) with vulnerable versions 1.3.0–1.9.12 and 2.0.0–2.0.4. The flaw enables SSRF and related cross‑site scripting risks by mismanaging requests thr...