CVE-2019-8451

medium

Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

From the Tenable Blog

CVE-2019-8451: Proof-of-Concept Available for Server Side Request Forgery (SSRF) Vulnerability in Jira

Published: 2019-09-25

Availability of proof-of-concept code for vulnerability in Jira poses a challenge, as the Jira 7.x branch did not appear to contain a fix for the flaw

References

https://jira.atlassian.com/browse/JRASERVER-69793

Details

Source: Mitre, NVD

Published: 2019-09-11

Updated: 2022-03-28

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N