QID 731299
Date Published: 2024-04-01
QID 731299: Atlassian Jira Software Data Center and Server Server-Side Request Forgery (SSRF) Vulnerability (JSWSERVER-25799)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
Affected Versions:
Atlassian Jira Software versions 9.12.0 to 9.12.3
Atlassian Jira Software versions 9.11.0 to 9.11.3
Atlassian Jira Software versions 9.10.0 to 9.10.2
Atlassian Jira Software versions 9.9.0 to 9.9.2
Atlassian Jira Software versions 9.8.0 to 9.8.2
Atlassian Jira Software versions 9.7.0 to 9.7.2
Atlassian Jira Software versions 9.6.0
Atlassian Jira Software versions 9.5.0 to 9.5.1
Atlassian Jira Software versions 9.4.0 to 9.4.15
Atlassian Jira Software versions 9.3.0 to 9.3.3
Atlassian Jira Software versions 9.2.0 to 9.2.1
Atlassian Jira Software versions 9.1.0 to 9.1.1
Atlassian Jira Software versions 9.0.0
Atlassian Jira Software versions 8.22.x
Atlassian Jira Software versions 8.20.x
QID detection Logic: (Unauthenticated)
The QID sends a HTTP GET request to secure/Dashboard.jspa to check the vulnerable version of the products.
Successful exploitation of this vulnerability allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and requires no user interaction.
- JSWSERVER-25799 -
jira.atlassian.com/browse/JSWSERVER-25799
CVEs related to QID 731299
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| JSWSERVER-25799 |
jira.atlassian.com/browse/JSWSERVER-25799 |