Description

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

Remediation

References

CVE-2018-13404

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-0106)

WordPress Plugin Import Export WordPress Users CSV Injection (1.3.1)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

Oracle Application Server CVE-2008-2583 Vulnerability (CVE-2008-2583)

WordPress Plugin SearchAutocomplete 'tags.php' SQL Injection (1.0.8)

Severity

Medium

Classification

CVE-2018-13404 CWE-918

Tags

Missing Update Known Vulnerabilities