[BSERV-9649] The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 4.14.4
Affects Version/s: None
Component/s: Enterprise
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 . When running in an environment like Amazon EC2, this flaw can used to access to a metadata resource that provides access credentials and other potentially confidential information.

is caused by: OAUTH-286 Failed to load

mentioned in: Page Failed to load; Page Failed to load

relates to

OAUTH-344 The icon-uri servlet allows arbitrary HTTP requests to be proxied - CVE-2017-9506

Done

SCT-3520 Failed to load

Robbie (Inactive) added a comment - 21/Mar/2017 7:17 PM - edited

CVSS v3 score: 6.1 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	Required

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	Low
Availability	None

Robbie (Inactive) added a comment - 21/Mar/2017 7:17 PM - edited CVSS v3 score: 6.1 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None

Assignee:: Felix (Inactive)

Reporter:: Robbie (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 6 Start watching this issue

Created:: 21/Mar/2017 7:16 PM

Updated:: 24/Oct/2018 5:05 AM

Resolved:: 27/Mar/2017 7:15 AM

Bitbucket Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[BSERV-9649] The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

Collapse comment: Robbie (Inactive) added a comment - 21/Mar/2017 7:17 PM, Edited by David Black - 23/Aug/2017 5:59 AM

Expand comment: Robbie (Inactive) added a comment - 21/Mar/2017 7:17 PM, Edited by David Black - 23/Aug/2017 5:59 AM

People

Dates

Backbone Issue Sync