Description

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

Remediation

References

CVE-2018-13404

Related Vulnerabilities

WordPress Plugin Countdown Block Security Bypass (1.1.1)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.21)

WordPress Plugin UsersWP-Front-end login form, User Registration, User Profile & Members Directory for WP SQL Injection (1.2.10)

WordPress Plugin Leaky Paywall PHP Object Injection (4.9.1)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3628)

Severity

Medium

Classification

CVE-2018-13404 CWE-918

Tags

Missing Update Known Vulnerabilities