Description

Atlassian Jira is vulnerable to server-side request forgery (SSRF) through the endpoint /plugins/servlet/gadgets/makeRequest. An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable Jira server. Successful exploitation would give the attacker unauthorized access to view, and potentially modify, internal network resources.

Remediation

To fix this vulnerability, upgrade to the latest version of Atlassian Jira. The vulnerability was fixed in Jira versions 8.4.0 and 7.13.9.
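
The following Python check is an added example, not part of the original advisory and not Atlassian code. It triages an inventory of Jira instances against the two fixed releases named above. It assumes that within 7.x only the 7.13 line carries the fix, and it reports other versions as "not on a fixed release" because the advisory does not state where the affected range begins. The hostnames and versions are constructed.

```python
import re

# Fixed releases named in the Remediation text above.
FIXED_7X = (7, 13, 9)
FIXED_8X = (8, 4, 0)

def parse_version(text):
    """Turn 'major.minor[.patch]' into a tuple of ints so 8.13.0 > 8.4.0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognized Jira version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_on_fixed_release(version):
    v = parse_version(version)
    if v >= FIXED_8X:
        return True
    # Assumption: within 7.x only the 7.13 line carries the fix (7.13.9 onward).
    return v[:2] == FIXED_7X[:2] and v >= FIXED_7X

def minimum_fixed_release(version):
    """Lowest fixed release to move to, or None if already on one."""
    if is_on_fixed_release(version):
        return None
    v = parse_version(version)
    target = FIXED_7X if v[:2] == FIXED_7X[:2] else FIXED_8X
    return ".".join(map(str, target))

def triage(inventory):
    """Return (host, version, target) for every instance not on a fixed release."""
    findings = []
    for host, version in inventory:
        target = minimum_fixed_release(version)
        if target is not None:
            findings.append((host, version, target))
    return findings

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("jira-a.example.internal", "8.3.4"),
    ("jira-b.example.internal", "8.13.0"),
    ("jira-c.example.internal", "7.13.2"),
    ("jira-d.example.internal", "7.13.9"),
    ("jira-e.example.internal", "7.6.1"),
]

if __name__ == "__main__":
    for host, version, target in triage(SAMPLE_INVENTORY):
        print(f"{host}: {version} is not on a fixed release, upgrade to at least {target}")
```

Versions are compared as integer tuples because a plain string comparison would rank 8.13.0 below 8.4.0 and misreport a fixed instance.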
