Description
The Trello importer in Atlassian Jira before version 7.6.1 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF). When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3648 Vulnerability (CVE-2017-3648)
WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)
Jenkins Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-2105)
WordPress Plugin WPGateway Privilege Escalation (3.5)
Moodle Improper Access Control Vulnerability (CVE-2016-8643)