Description
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Remediation
References
Related Vulnerabilities
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8155)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-2157)
WordPress Plugin Ninja Forms with File Uploads Extension Cross-Site Scripting (3.3.12)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)