CVE-2017-16865: Server-Side Request Forgery in Atlassian Jira

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 66.49%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 17
Latest update: May 14

Description

The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (2 packages)

NVD: atlassian/jira < 7.6.1
CVEListV5: atlassian/jira, all versions before 7.6.1

Vulnerability Details (2)

GHSA: GHSA-7vh9-vmfj-h37x: The Trello importer in Atlassian Jira before version 7 (2022-05-14)
CVEList: CVE-2017-16865: The Trello importer in Atlassian Jira before version 7 (2018-01-17)
CVE-2017-16865 — Server-Side Request Forgery | cvebase