CVE-2017-18104: Infoleak
First published: Tue Jul 24 2018(Updated: )
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Core | <7.6.7 | |
| Atlassian Server | >=7.7.0<7.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-18104?
CVE-2017-18104 is classified as a moderate severity vulnerability.
How do I fix CVE-2017-18104?
To fix CVE-2017-18104, upgrade Atlassian Jira to version 7.6.7 or to a version between 7.7.0 and 7.11.0 excluding both.
What versions of Atlassian Jira are affected by CVE-2017-18104?
CVE-2017-18104 affects Atlassian Jira versions prior to 7.6.7 and versions from 7.7.0 to 7.11.0.
What kind of attacks can be performed using CVE-2017-18104?
Remote attackers can exploit CVE-2017-18104 to intercept webhook events and access sensitive issue change information.
Is CVE-2017-18104 related to webhooks in Atlassian Jira?
Yes, CVE-2017-18104 specifically relates to the vulnerabilities associated with the Webhooks component in Atlassian Jira.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian jira core
- canonical/atlassian server
- version/atlassian server/7.7.0