Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Remediation

References

CVE-2019-20408

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42115)

WordPress Plugin Subscriptions & Memberships for PayPal Unspecified Vulnerability (1.1.5)

WordPress Plugin Twitter Feed:Embedded Timeline 'url' Parameter Cross-Site Scripting (0.3.1)

Nginx Off-by-one Error Vulnerability (CVE-2021-23017)

WordPress Plugin MAC PHOTO GALLERY 'upload-file.php' Arbitrary File Upload (2.7)

Severity

Medium

Classification

CVE-2019-20408 CWE-918

Tags

Missing Update Known Vulnerabilities