Server Side Request Forgery (SSRF) vulnerability in Atlassian OAuth Plugin allows remote attackers to access internal network resources and perform XSS attacks


CVE-2017-9506 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
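The two affected ranges above can be checked against a plugin inventory with numeric comparison (a string comparison would misorder 1.10.0 and 1.9.12). This is an added example, not Atlassian's code; the host names and installed versions in the sample are constructed, and version strings with qualifiers are reported as unknown for manual review.

```python
import re

# Affected ranges as stated in the advisory, half-open: start <= v < fixed
AFFECTED_RANGES = [
    ((1, 3, 0), (1, 9, 12)),
    ((2, 0, 0), (2, 0, 4)),
]

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,2}$")


def parse_version(text):
    """Parse 'X', 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; raise ValueError otherwise."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if the OAuth plugin version falls in a range affected by CVE-2017-9506."""
    v = parse_version(version)
    return any(start <= v < fixed for start, fixed in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"  # qualifier or malformed string: check by hand
    return result


# Constructed sample inventory (hypothetical hosts and installed plugin versions)
SAMPLE = {
    "host-a": "1.2.9", "host-b": "1.3.0", "host-c": "1.9.11", "host-d": "1.9.12",
    "host-e": "1.10.0", "host-f": "2.0.3", "host-g": "2.0.4", "host-h": "2.0.4-m1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: plugin {SAMPLE[host]} -> {status}")
```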
