Atlassian Jira < 7.2.15 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
Medium Nessus Plugin ID 110775
Synopsis
The remote web server hosts a web application that is affected by an internal network resource disclosure (CSRF) vulnerability.
Description
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 7.2.15. It is, therefore, affected by an internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Jira version 7.2.15 or later.