Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.6.1, 7.7.0
Affects Version/s: 7.4.2
Component/s: Jira Importers Plugin
Labels:
- CVE-2017-16865
- advisory
- advisory-released
- bugbounty
- cvss-medium
- raid
- security
- ssrf

Fixed in Long Term Support Release/s:

Download 7.6
Introduced in Version:
7.04
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Jan/2018 2:15 AM

Updated:: 21/Mar/2022 5:12 AM

Resolved:: 17/Jan/2018 2:17 AM