[JRASERVER-69793] SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 7.6.9, 8.1.0, 8.0.2
Fix Version/s: 8.4.0, 7.6.17, 7.13.9
Component/s: Dashboard & Gadgets
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 7.6
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Attachments

Issue Links

Mentioned in

CSS Top Asks - Jira On Prem: JRASERVER-69793 | SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(2 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 45 Start watching this issue

Dates

Created:: 12/Aug/2019 2:44 AM

Updated:: 22/May/2020 8:27 AM

Resolved:: 12/Aug/2019 2:45 AM