Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.9.5, 2.10.2, 2.11.1
-
None
-
Severity 2 - Major
-
Description
The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 .