Server Side Request Forgery (SSRF) Vulnerability in Trello Importer in Atlassian Jira
CVE-2017-16865 · LOW Severity
AV:N/AC:M/AU:S/C:P/I:N/A:N
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.
Learn more about our Cis Benchmark Audit For Server Software.