Server Side Request Forgery (SSRF) Vulnerability in Trello Importer in Atlassian Jira

Server Side Request Forgery (SSRF) Vulnerability in Trello Importer in Atlassian Jira

CVE-2017-16865 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.

Learn more about our Cis Benchmark Audit For Server Software.