Описание
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Ссылки
- ExploitThird Party Advisory
- Issue TrackingVendor Advisory
- Broken LinkThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Issue TrackingVendor Advisory
- Broken LinkThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.40742
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
EPSS
Процентиль: 97%
0.40742
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-918