Описание
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.7.0 (исключая)
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00305
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
github
около 3 лет назад
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
EPSS
Процентиль: 53%
0.00305
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-918