Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Remediation

References

CVE-2019-20408

Related Vulnerabilities

WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6)

Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2762)

WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)

WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)

Severity

Medium

Classification

CVE-2019-20408 CWE-918

Tags

Missing Update Known Vulnerabilities