CVE-2017-9506

Published Aug 23, 2017
Last updated 6 years ago
CVSS medium 6.1
Overview

Description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Source: security@atlassian.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-918
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6931470D-FCD0-4295-B526-72F9DC18F8D4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86DF4383-C75F-4C20-97AE-17024E59C85F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CE7703F-28FA-49F3-B8F0-0EA19983534C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1B1269B-D7F0-4AB9-A6A1-F5F09273C1E7"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F788273-7F50-4A5F-B194-9AF88AD5C83F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60D90C52-C6D4-4BA2-B16F-E24562AB35D1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74865E14-42E9-40C9-AA3E-33B00BCBAF90"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C4D0F79-ACD1-4356-BED4-F361D60633FA"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59F8F976-DA00-4618-8E54-60D6133AAB55"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5826307-85F4-4C9D-A8C2-E736877F2487"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7408A0CF-58FC-4FC5-8406-9624C059F480"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A3CB417-E229-4D0E-AAE1-6A1708332DAB"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B25D52D-C926-4CE2-8FD7-08211FB5156F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B45678B-D690-455B-82FB-29B5E6C92D99"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5890D37F-7C5E-484C-BA9F-B101EE407535"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F8F9EE5-680F-4E96-8266-61F5EAD57F36"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C15E96B8-D920-43B9-A587-9A6ED4CADDA2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68DC4126-C130-419F-8A1C-B50C4AB196F6"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8BECD3F-26FD-4FF4-AB68-6597766C5784"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03914A93-B432-4AE1-94C1-23C23C22E07E"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "441FE496-A2A8-478D-8AC0-6AE7210B8DFF"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF711A0D-7527-440D-9F54-32B2D550BFE8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA6E4311-CDED-4D26-8258-0CA2106723C2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "408339FF-21EB-44D8-BD26-E085AE83AC80"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B60AA166-B682-4420-BC98-104A19E0F604"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8278DDA7-4F73-4EDD-AA97-A1AB6806D6E5"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09A9F674-3B94-4D3A-870E-F4488A00BDA3"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4088D76-BA49-422A-B80F-BC4C7656C28E"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32804B74-92C4-4FAD-86D3-599108CC0E36"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "919EB181-8A1D-4BBC-A847-F6320480EDC2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88F98ECB-402C-404B-B22D-9E145CC568F0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B6A21E5-78A2-4C70-9EA2-0C3463647B98"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70DD87A9-806B-4D01-876B-AFCCF57052ED"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA83C8C5-6AA5-4560-8839-297DF9A676DA"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "964D45DE-7F4D-41C4-AD3E-D14FF2906632"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8944539B-B073-4308-91FF-84437D7AE220"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC5AF81F-65A5-402A-9AFE-A414F969C1F7"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "844330C2-A2C6-433A-9C28-5012FDF81423"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91E6952F-3742-4A9F-B6A3-E6469E1D3D6D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A638EEDC-AEF5-4496-A006-E860E7C59926"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "108C2E74-3300-47AD-940C-ADEF1613F380"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B479B9-4299-4F54-8E6D-6EE9E860B4FF"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDF046E0-0BAB-42D0-A7D2-4179EF6639EA"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "554DF85D-5B54-42EC-B86E-94449C592C7A"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFFCCA48-CC4A-4B97-A1E2-17D26D88C47C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D4A72A1-F335-4E22-B798-69B122145411"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42C01D71-0E47-48C1-A55B-7548AD0178A5"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8466429-974C-4921-AE06-CE3DB2E6E48A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
