Bamboo Data Center, issue BAM-18654

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed an XSS and/or SSRF attack to be performed. For more information about the Atlassian OAuth plugin issue, see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an environment like Amazon EC2, this flaw can be used to access a metadata resource that provides access credentials and other potentially confidential information.
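The description above says the servlet proxied whatever HTTP request it was handed, including requests to the EC2 metadata address. As an added example (not Atlassian's code and not the fix shipped in the plugin), here is the kind of target check a server-side icon fetcher needs: it pins the scheme, rejects embedded credentials, resolves the host, and refuses loopback, link-local, private and otherwise non-routable addresses, including IPv4-mapped IPv6 literals. The `check_proxy_target` and `sample_resolver` names, the hostnames and the `SAMPLE_DNS` table are constructed for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def is_blocked_address(ip_text):
    """True for any address a server-side fetcher must never contact: loopback,
    link-local (where the 169.254.169.254 metadata service lives), private ranges,
    multicast, reserved, unspecified, or anything else not globally routable."""
    addr = ipaddress.ip_address(ip_text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # judge ::ffff:a.b.c.d as the IPv4 address it wraps
    return (addr.is_loopback or addr.is_link_local or addr.is_private
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified
            or not addr.is_global)

def check_proxy_target(url, resolver=socket.getaddrinfo):
    """Return (allowed, reason). `resolver` has the getaddrinfo(host, port) shape so
    DNS can be substituted; every resolved address is checked, because one name
    may map to both a public and an internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP: no DNS lookup
    except ValueError:
        try:
            addresses = sorted({info[4][0] for info in resolver(host, None)})
        except socket.gaierror:
            return False, "host does not resolve: %s" % host
    for ip_text in addresses:
        if is_blocked_address(ip_text):
            return False, "%s resolves to blocked address %s" % (host, ip_text)
    return True, "ok"

# Constructed DNS table standing in for getaddrinfo so the example runs offline.
SAMPLE_DNS = {
    "icons.example.com": ["198.100.51.10"],
    "rebind.example.net": ["198.100.51.20", "169.254.169.254"],
}

def sample_resolver(host, port):
    if host not in SAMPLE_DNS:
        raise socket.gaierror("constructed: unknown host %s" % host)
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port or 0)) for ip in SAMPLE_DNS[host]]
```

The check only helps if the subsequent fetch connects to the address that was validated; re-resolving the name at connect time reopens the window to DNS rebinding, and redirects returned by the upstream server must go through the same check.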


David Black added a comment (edited):

The fixed version is Bamboo 6.0.0. If you wish to determine which prior versions are affected, feel free to do so.

Brian Martin added a comment:

David, sorry, I meant Bamboo versions that include the vulnerable plugin.

David Black added a comment:

From the linked ticket, "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4".

Brian Martin added a comment:

"The version of" but there are no versions listed in the ticket. Can someone clarify which versions/trees are impacted?

David Black added a comment:

CVSS v3 score: 6.1 => Medium severity

Exploitability Metrics
  Attack Vector: Network
  Attack Complexity: Low
  Privileges Required: None
  User Interaction: Required

Scope Metric
  Scope: Changed

Impact Metrics
  Confidentiality: Low
  Integrity: Low
  Availability: None

Assignee: Unassigned
Reporter: David Black (dblack)