Commit Graph

3 Commits (5324cbc0e632e2681a158b43cc2ac20dade2bf13)

Author SHA1 Message Date
Ice3man543 ffef121561 Normalized id fields to match schema regex 2020-09-16 00:55:55 +05:30
Techbrunch 59661b1eb6
Update CVE-2019-8451.yaml
Fix trailing whitespace
2020-07-06 16:56:27 +02:00
Techbrunch 3a44d74762
Create CVE-2019-8451.yaml
# On September 9, Atlassian released version 8.4.0 for Jira Core and Jira Software, which included a fix for an important
# security issue reported in August 2019.

# CVE-2019-8451 is a pre-authentication server-side request forgery (SSRF) vulnerability found in 
# the /plugins/servlet/gadgets/makeRequest resource. The vulnerability exists due to “a logic bug” in the JiraWhitelist class.
# An unauthenticated attacker could exploit this vulnerability by sending a specially crafted web request to a vulnerable 
# Jira server. Successful exploitation would result in unauthorized access to view and potentially modify internal 
# network resources.
# https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
# https://twitter.com/benmontour/status/1177250393220239360
# https://twitter.com/ojensen5115/status/1176569607357730817
2020-07-06 16:52:34 +02:00