Atlassian JIRA Server-Side Request Forgery (SSRF) Vulnerability (JRASERVER-68527)
Medium Nessus Plugin ID 124770
Synopsis
The remote web server hosts a web application that is potentially affected by a server-side request forgery vulnerability.
Description
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.6.10, or 7.7.x prior to 7.7.5, or 7.8.x prior to 7.8.5, or 7.9.x prior to 7.9.3, or 7.10.x prior to 7.10.3, or 7.11.x prior to 7.11.3, or 7.12.x prior to 7.12.3, or 7.13.x prior to 7.13.1. It is, therefore, affected by a server-side request forgery vulnerability. A remote attacker with administrator privileges may exploit this vulnerability to determine the existence of internal hosts and open ports and to obtain sensitive server information.
Solution
Upgrade to Atlassian JIRA version 7.6.10 / 7.7.5 / 7.8.5 / 7.9.3 / 7.10.3 / 7.11.3 / 7.12.3 / 7.13.1 or later.
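
The version ranges in the description can be applied to an inventory of self-reported JIRA versions to decide which instances need the upgrade. This is an added example, not the plugin's own code; the function names, host names and sample versions are constructed for illustration.

```python
import re

# Fixed release for each 7.x branch, taken from the description above.
FIXED = {
    (7, 6): (7, 6, 10), (7, 7): (7, 7, 5), (7, 8): (7, 8, 5),
    (7, 9): (7, 9, 3), (7, 10): (7, 10, 3), (7, 11): (7, 11, 3),
    (7, 12): (7, 12, 3), (7, 13): (7, 13, 1),
}

def parse_version(text):
    """Return (major, minor, patch) from a version string, or None if unparsable."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(text):
    """Return (status, upgrade_target) for one self-reported version string."""
    v = parse_version(text)
    if v is None:
        # No usable version: needs manual review rather than a silent pass.
        return ("unknown", None)
    if v < (7, 6, 0):
        # Branches older than 7.6.x fall under "prior to 7.6.10".
        return ("affected", "7.6.10")
    fix = FIXED.get(v[:2])
    if fix is None:
        # Branch later than 7.13.x: outside the ranges listed above.
        return ("not affected", None)
    if v < fix:
        return ("affected", ".".join(map(str, fix)))
    return ("not affected", None)

def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "jira-a.example.internal": "7.6.9",
    "jira-b.example.internal": "7.10.3",
    "jira-c.example.internal": "7.13.0",
    "jira-d.example.internal": "version hidden",
}

if __name__ == "__main__":
    for host, result in triage_inventory(SAMPLE).items():
        print(host, *result)
```

Because the input is a self-reported version, an instance with a backported fix or a hidden version banner still needs manual confirmation.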