2 vulnerabilities found for Atlassian OAuth Plugin by Atlassian
CVE-2017-9506 (GCVE-0-2017-9506)
Vulnerability from nvd – Published: 2017-08-23 19:00 – Updated: 2024-10-16 14:03
Summary
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dontpanic.42.nl/2017/12/there-is-proxy-in-… | x_refsource_MISC |
| https://twitter.com/ankit_anubhav/status/97356662… | x_refsource_MISC |
| https://ecosystem.atlassian.net/browse/OAUTH-344 | x_refsource_MISC |
| https://twitter.com/Zer0Security/status/983529439… | x_refsource_MISC |
| https://medium.com/bugbountywriteup/piercing-the-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian OAuth Plugin | Affected: From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4. | |
Date Public
2017-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:02:53.950017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:03:06.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian OAuth Plugin",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
],
"datePublic": "2017-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T06:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-05-31T00:00:00",
"ID": "CVE-2017-9506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian OAuth Plugin",
"version": {
"version_data": [
{
"version_value": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html",
"refsource": "MISC",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"name": "https://twitter.com/ankit_anubhav/status/973566620676382721",
"refsource": "MISC",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"name": "https://ecosystem.atlassian.net/browse/OAUTH-344",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"name": "https://twitter.com/Zer0Security/status/983529439433777152",
"refsource": "MISC",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"name": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3",
"refsource": "MISC",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9506",
"datePublished": "2017-08-23T19:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-16T14:03:06.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9506 (GCVE-0-2017-9506)
Vulnerability from cvelistv5 – Published: 2017-08-23 19:00 – Updated: 2024-10-16 14:03
Summary
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dontpanic.42.nl/2017/12/there-is-proxy-in-… | x_refsource_MISC |
| https://twitter.com/ankit_anubhav/status/97356662… | x_refsource_MISC |
| https://ecosystem.atlassian.net/browse/OAUTH-344 | x_refsource_MISC |
| https://twitter.com/Zer0Security/status/983529439… | x_refsource_MISC |
| https://medium.com/bugbountywriteup/piercing-the-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian OAuth Plugin | Affected: From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4. | |
Date Public
2017-05-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:02:53.950017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:03:06.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian OAuth Plugin",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
],
"datePublic": "2017-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T06:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-05-31T00:00:00",
"ID": "CVE-2017-9506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian OAuth Plugin",
"version": {
"version_data": [
{
"version_value": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html",
"refsource": "MISC",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"name": "https://twitter.com/ankit_anubhav/status/973566620676382721",
"refsource": "MISC",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"name": "https://ecosystem.atlassian.net/browse/OAUTH-344",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"name": "https://twitter.com/Zer0Security/status/983529439433777152",
"refsource": "MISC",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"name": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3",
"refsource": "MISC",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9506",
"datePublished": "2017-08-23T19:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-16T14:03:06.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}