Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Remediation

References

CVE-2019-20408

Related Vulnerabilities

WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.8)

PHP Resource Management Errors Vulnerability (CVE-2010-3710)

IBM WebSEAL Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-1803)

WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11358)

Severity

Medium

Classification

CVE-2019-20408 CWE-918

Tags

Missing Update Known Vulnerabilities