Description
Atlassian Jira is vulnerable to an unauthenticated server-side request forgery (SSRF) vulnerability in the endpoint /plugins/servlet/gadgets/makeRequest. An unauthenticated attacker could exploit it by sending a specially crafted web request to a vulnerable Jira server. Successful exploitation would give the attacker unauthorized access to view, and potentially modify, internal network resources.
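As an added defender-side example (not part of this advisory), the check below scans web-server access-log lines for hits on the makeRequest endpoint and flags those whose proxied destination is a loopback, private or link-local address. It assumes the combined log format and that the destination is passed in a `url` query parameter (as in the Shindig gadget proxy Jira uses); the log lines are constructed.

```python
"""Flag requests to Jira's gadget makeRequest servlet in access logs."""
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Combined log format: client, ident, user, [timestamp], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/plugins/servlet/gadgets/makeRequest"

# Constructed sample lines: two point the proxy at internal addresses,
# one at a public host, one is an unrelated page view.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2019:13:55:40 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=http%3A%2F%2F10.0.0.5%3A8080%2Fadmin HTTP/1.1" 200 1024',
    '198.51.100.2 - - [10/Oct/2019:13:56:01 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https%3A%2F%2Fexample.org%2Ffeed.xml HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Oct/2019:13:57:12 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 4096',
]


def is_internal(host: str) -> bool:
    """True for non-global IPs (loopback, RFC1918, link-local) or bare/local hostnames."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return host == "localhost" or host.endswith(".local") or "." not in host


def inspect_line(line: str):
    """Return a finding for a makeRequest hit, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m["target"])
    if parsed.path != ENDPOINT:
        return None
    # Assumption: the proxied destination travels in the 'url' query parameter.
    dest = parse_qs(parsed.query).get("url", [""])[0]
    dest_host = urlparse(dest).hostname or ""
    return {
        "client": m["client"],
        "status": int(m["status"]),
        "destination": dest,
        "internal_target": bool(dest_host) and is_internal(dest_host),
    }


def scan(lines):
    """All makeRequest findings in the given log lines, in order."""
    return [f for f in (inspect_line(line) for line in lines) if f]
```

Findings with `internal_target` set are the ones worth alerting on; the unauthenticated nature of the endpoint means the client address is the only identity you get.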
Remediation
To fix this vulnerability, upgrade to the latest version of Atlassian Jira. The fix shipped in Jira versions 7.13.9 and 8.4.0.