Short Name | HTTP:CTS:ATLASSIAN-OAUTH-SSRF
Severity | Minor
Recommended | No
Category | HTTP
Keywords | Atlassian OAuth plugin Server Side Request Forgery
Release Date | 2020/03/17
Update Number | 3263
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Atlassian OAuth plugin Server Side Request Forgery
This signature detects attempts to exploit a known vulnerability in the Atlassian OAuth plugin. A successful attack can lead to an XSS attack via server-side request forgery.
Extended Description
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Affected Products
- Atlassian oauth 1.3.0
- Atlassian oauth 1.3.1
- Atlassian oauth 1.3.10
- Atlassian oauth 1.3.2
- Atlassian oauth 1.3.3
- Atlassian oauth 1.3.4
- Atlassian oauth 1.3.5
- Atlassian oauth 1.3.6
- Atlassian oauth 1.3.7
- Atlassian oauth 1.3.8
- Atlassian oauth 1.3.9
- Atlassian oauth 1.4.0
- Atlassian oauth 1.4.1
- Atlassian oauth 1.5.0
- Atlassian oauth 1.6.0
- Atlassian oauth 1.6.1
- Atlassian oauth 1.7.0
- Atlassian oauth 1.8.0
- Atlassian oauth 1.8.1
- Atlassian oauth 1.8.2
- Atlassian oauth 1.8.3
- Atlassian oauth 1.8.4
- Atlassian oauth 1.8.5
- Atlassian oauth 1.9.0
- Atlassian oauth 1.9.1
- Atlassian oauth 1.9.10
- Atlassian oauth 1.9.11
- Atlassian oauth 1.9.2
- Atlassian oauth 1.9.3
- Atlassian oauth 1.9.4
- Atlassian oauth 1.9.5
- Atlassian oauth 1.9.6
- Atlassian oauth 1.9.7
- Atlassian oauth 1.9.8
- Atlassian oauth 1.9.9
- Atlassian oauth 2.0.0
- Atlassian oauth 2.0.1
- Atlassian oauth 2.0.2
- Atlassian oauth 2.0.3