Uploaded image for project: 'FishEye'
  1. FishEye
  2. FE-6885

The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

XMLWordPrintable

      The version of the bundled Atlassian OAuth plugin was vulnerable to Server Side Request Forgery (SSRF). This allowed a XSS and or a SSRF attack to be performed. More information about the Atlassian OAuth plugin issue see https://ecosystem.atlassian.net/browse/OAUTH-344 .

            [FE-6885] The bundled Atlassian OAuth plugin allows arbitrary HTTP requests to be proxied - CVE-2017-9506

            David Black added a comment -

            CVSS v3 score: 6.1 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction Required

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality Low
            Integrity Low
            Availability None

            David Black added a comment - CVSS v3 score: 6.1 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity Low Availability None

              Unassigned Unassigned
              pswiecicki Piotr Swiecicki
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: