JIRA SSRF

By Jijith Rajan
Published on 10 Jan 2022
Vulnerability

Description

Jira is a software application used for issue tracking and project management.

Due to a logic flaw in the JiraWhitelist class, the /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

Recommendations

  • Update JIRA to the latest version
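Alongside the upgrade, existing access logs can be reviewed for use of the /plugins/servlet/gadgets/makeRequest resource to reach hosts other than Jira itself. The following Python is an added example, not code from this advisory or from the Jira project; the `url` query parameter, the `jira.example.com` host name, the combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

MAKE_REQUEST_PATH = "/plugins/servlet/gadgets/makeRequest"  # resource named in the advisory
JIRA_HOSTS = {"jira.example.com"}  # assumption: host name(s) of this Jira instance
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # combined log format

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=https%3A%2F%2Fjira.example.com%2Frest%2Fgadget%2F1.0%2Fprojects HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2022:10:00:05 +0000] "GET /plugins/servlet/gadgets/makeRequest?url=http%3A%2F%2F10.0.0.5%3A8080%2Fstatus HTTP/1.1" 200 87',
    '203.0.113.7 - - [10/Jan/2022:10:00:09 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9001',
    '198.51.100.4 - - [10/Jan/2022:10:01:12 +0000] "GET /jira/plugins/servlet/gadgets/makeRequest?url=http://intranet.example.net/ HTTP/1.1" 200 40',
]

def classify_target(target_url):
    """Return a reason string if the proxied URL leaves the Jira host, else None."""
    try:
        # Judge the parsed hostname, not a prefix of the raw URL string.
        host = (urlsplit(target_url).hostname or "").lower()
    except ValueError:
        host = ""
    if not host:
        return "unparseable target"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        return f"internal address {host}"
    if host not in JIRA_HOSTS:
        return f"foreign host {host}"
    return None

def find_suspicious(log_lines):
    """Return [(line_number, reason)] for makeRequest calls that target other hosts."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        request = urlsplit(match.group(1))
        if not request.path.endswith(MAKE_REQUEST_PATH):  # tolerates a context path
            continue
        # parse_qs percent-decodes the value, so encoded targets are covered too.
        for target in parse_qs(request.query).get("url", [""]):
            reason = classify_target(target)
            if reason:
                hits.append((number, reason))
    return hits
```

Running `find_suspicious(SAMPLE_LOG)` flags the second and fourth sample lines; on a real instance, set `JIRA_HOSTS` to the host name(s) in the Jira base URL before reading the results.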

Written by Jijith Rajan, Cyber Security Engineer