Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Remediation

References

CVE-2019-20408

Related Vulnerabilities

WebLogic CVE-2017-10148 Vulnerability (CVE-2017-10148)

Java Unspesificed Vulnerability (CVE-2018-14048)

PHP Other Vulnerability (CVE-2006-4485)

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)

WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (1.4.0)

Severity

Medium

Classification

CVE-2019-20408 CWE-918

Tags

Missing Update Known Vulnerabilities