CVE-2017-9506: SSRF
First published: Wed Aug 23 2017(Updated: )
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian OAuth | =1.3.0 | |
| Atlassian OAuth | =1.3.1 | |
| Atlassian OAuth | =1.3.2 | |
| Atlassian OAuth | =1.3.3 | |
| Atlassian OAuth | =1.3.4 | |
| Atlassian OAuth | =1.3.5 | |
| Atlassian OAuth | =1.3.6 | |
| Atlassian OAuth | =1.3.7 | |
| Atlassian OAuth | =1.3.8 | |
| Atlassian OAuth | =1.3.9 | |
| Atlassian OAuth | =1.3.10 | |
| Atlassian OAuth | =1.4.0 | |
| Atlassian OAuth | =1.4.0-m1 | |
| Atlassian OAuth | =1.4.0-m2 | |
| Atlassian OAuth | =1.4.1 | |
| Atlassian OAuth | =1.5.0 | |
| Atlassian OAuth | =1.5.0-m1 | |
| Atlassian OAuth | =1.5.0-m3 | |
| Atlassian OAuth | =1.6.0 | |
| Atlassian OAuth | =1.6.0-m1 | |
| Atlassian OAuth | =1.6.0-m4 | |
| Atlassian OAuth | =1.6.1 | |
| Atlassian OAuth | =1.7.0 | |
| Atlassian OAuth | =1.8.0 | |
| Atlassian OAuth | =1.8.0-m1 | |
| Atlassian OAuth | =1.8.1 | |
| Atlassian OAuth | =1.8.2 | |
| Atlassian OAuth | =1.8.3 | |
| Atlassian OAuth | =1.8.4 | |
| Atlassian OAuth | =1.8.5 | |
| Atlassian OAuth | =1.9.0 | |
| Atlassian OAuth | =1.9.0-m1 | |
| Atlassian OAuth | =1.9.0-m2 | |
| Atlassian OAuth | =1.9.1 | |
| Atlassian OAuth | =1.9.2 | |
| Atlassian OAuth | =1.9.3 | |
| Atlassian OAuth | =1.9.4 | |
| Atlassian OAuth | =1.9.5 | |
| Atlassian OAuth | =1.9.6 | |
| Atlassian OAuth | =1.9.7 | |
| Atlassian OAuth | =1.9.8 | |
| Atlassian OAuth | =1.9.9 | |
| Atlassian OAuth | =1.9.10 | |
| Atlassian OAuth | =1.9.11 | |
| Atlassian OAuth | =2.0.0 | |
| Atlassian OAuth | =2.0.1 | |
| Atlassian OAuth | =2.0.2 | |
| Atlassian OAuth | =2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
- https://twitter.com/Zer0Security/status/983529439433777152
- https://twitter.com/ankit_anubhav/status/973566620676382721
Frequently Asked Questions
What is the severity of CVE-2017-9506?
CVE-2017-9506 has a high severity rating due to its potential for server-side request forgery (SSRF) and XSS attacks.
How do I fix CVE-2017-9506?
To fix CVE-2017-9506, upgrade the Atlassian OAuth Plugin to version 1.9.12 or 2.0.4 or later.
What types of attacks can exploit CVE-2017-9506?
CVE-2017-9506 can be exploited to perform server-side request forgery (SSRF) and cross-site scripting (XSS) attacks.
Which versions of Atlassian OAuth are affected by CVE-2017-9506?
CVE-2017-9506 affects Atlassian OAuth Plugin versions 1.3.0 through 1.9.11 and 2.0.0 through 2.0.3.
Is there a workaround for CVE-2017-9506?
A viable workaround for CVE-2017-9506 is to restrict access to internal network resources from the vulnerable application until an upgrade can be applied.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/atlassian
- canonical/atlassian oauth
- version/atlassian oauth/1.3.0
- version/atlassian oauth/1.3.1
- version/atlassian oauth/1.3.2
- version/atlassian oauth/1.3.3
- version/atlassian oauth/1.3.4
- version/atlassian oauth/1.3.5
- version/atlassian oauth/1.3.6
- version/atlassian oauth/1.3.7
- version/atlassian oauth/1.3.8
- version/atlassian oauth/1.3.9
- version/atlassian oauth/1.3.10
- version/atlassian oauth/1.4.0
- version/atlassian oauth/1.4.0-m1
- version/atlassian oauth/1.4.0-m2
- version/atlassian oauth/1.4.1
- version/atlassian oauth/1.5.0
- version/atlassian oauth/1.5.0-m1
- version/atlassian oauth/1.5.0-m3
- version/atlassian oauth/1.6.0
- version/atlassian oauth/1.6.0-m1
- version/atlassian oauth/1.6.0-m4
- version/atlassian oauth/1.6.1
- version/atlassian oauth/1.7.0
- version/atlassian oauth/1.8.0
- version/atlassian oauth/1.8.0-m1
- version/atlassian oauth/1.8.1
- version/atlassian oauth/1.8.2
- version/atlassian oauth/1.8.3
- version/atlassian oauth/1.8.4
- version/atlassian oauth/1.8.5
- version/atlassian oauth/1.9.0
- version/atlassian oauth/1.9.0-m1
- version/atlassian oauth/1.9.0-m2
- version/atlassian oauth/1.9.1
- version/atlassian oauth/1.9.2
- version/atlassian oauth/1.9.3
- version/atlassian oauth/1.9.4
- version/atlassian oauth/1.9.5
- version/atlassian oauth/1.9.6
- version/atlassian oauth/1.9.7
- version/atlassian oauth/1.9.8
- version/atlassian oauth/1.9.9
- version/atlassian oauth/1.9.10
- version/atlassian oauth/1.9.11
- version/atlassian oauth/2.0.0
- version/atlassian oauth/2.0.1
- version/atlassian oauth/2.0.2
- version/atlassian oauth/2.0.3