Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69793

SSRF in the /plugins/servlet/gadgets/makeRequest resource - CVE-2019-8451

XMLWordPrintable

      The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

      Important Note: The patch is deployed in fix versions and later by configuring the Jira URL allow list. N.B: The allowlist is enabled by default (without any URL's defined). However the fixed versions will be vulnerable if allowlist is disabled by the administrator.

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            46 Start watching this issue

              Created:
              Updated:
              Resolved: