2019-09-11 16:15:12 2019-09-12 14:49:19

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE
Atlassian Jira 7.6.0 (not an official CPE) Atlassian Jira 7.6.1 (not an official CPE) Atlassian Jira 7.6.2 (not an official CPE) Atlassian Jira 7.6.3 (not an official CPE) Atlassian Jira 7.6.4 (not an official CPE) Atlassian Jira 7.6.5 (not an official CPE) Atlassian Jira 7.6.6 (not an official CPE) Atlassian Jira 7.6.7 (not an official CPE) Atlassian Jira 7.6.8 (not an official CPE) Atlassian Jira 7.6.9 (not an official CPE) Atlassian Jira 7.6.10 (not an official CPE) Atlassian Jira 7.6.11 (not an official CPE) Atlassian Jira 7.6.12 (not an official CPE) Atlassian Jira 7.6.13 (not an official CPE) Atlassian Jira 7.6.14 (not an official CPE) Atlassian Jira 7.7 (not an official CPE) Atlassian Jira 7.7.0 (not an official CPE) Atlassian Jira 7.7.1 (not an official CPE) Atlassian Jira 7.7.2 (not an official CPE) Atlassian Jira 7.7.3 (not an official CPE) Atlassian Jira 7.7.4 (not an official CPE) Atlassian Jira 7.8.0 (not an official CPE) Atlassian Jira 7.8.1 (not an official CPE) Atlassian Jira 7.8.2 (not an official CPE) Atlassian Jira 7.8.3 (not an official CPE) Atlassian Jira 7.8.4 (not an official CPE) Atlassian Jira 7.9.0 (not an official CPE) Atlassian Jira 7.9.1 (not an official CPE) Atlassian Jira 7.9.2 (not an official CPE) Atlassian Jira 7.10.0 (not an official CPE) Atlassian Jira 7.10.1 (not an official CPE) Atlassian Jira 7.10.2 (not an official CPE) Atlassian Jira 7.11.0 (not an official CPE) Atlassian Jira 7.11.1 (not an official CPE) Atlassian Jira 7.11.2 (not an official CPE) Atlassian Jira 7.11.3 (not an official CPE) Atlassian Jira 7.12.0 (not an official CPE) Atlassian Jira 7.12.1 (not an official CPE) Atlassian Jira 7.12.2 (not an official CPE) Atlassian Jira 7.12.3 (not an official CPE) Atlassian Jira 7.13.0 (not an official CPE) Atlassian Jira 7.13.1 (not an official CPE) Atlassian Jira 7.13.2 (not an official CPE) Atlassian Jira 7.13.3 (not an official CPE) Atlassian Jira 7.13.4 (not an official CPE) Atlassian Jira 7.13.5 (not an official CPE) Atlassian Jira 7.13.6 (not an official CPE) Atlassian Jira 7.13.7 (not an official CPE) Atlassian Jira 8.0.0 (not an official CPE) Atlassian Jira 8.0.1 (not an official CPE) Atlassian Jira 8.0.2 (not an official CPE) Atlassian Jira 8.0.3 (not an official CPE) Atlassian Jira 8.0.4 (not an official CPE) Atlassian Jira 8.1.0 (not an official CPE) Atlassian Jira 8.1.1 (not an official CPE) Atlassian Jira 8.1.2 (not an official CPE) Atlassian Jira 8.2.0 (not an official CPE) Atlassian Jira 8.2.1 (not an official CPE) Atlassian Jira 8.2.2 (not an official CPE) Atlassian Jira 8.2.3 (not an official CPE) Atlassian Jira 8.2.4 (not an official CPE) Atlassian Jira 8.3.0 (not an official CPE) Atlassian Jira 8.3.1 (not an official CPE) Atlassian Jira 8.3.2 (not an official CPE) Atlassian Jira 8.3.3 (not an official CPE)
Advisory Patch Confirmed Link
N/A