ID CVE-2017-9506
Summary The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
References
Vulnerable Configurations
  • cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 10-05-2019 - 15:22)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
misc
Last major update 10-05-2019 - 15:22
Published 23-08-2017 - 19:29
Last modified 10-05-2019 - 15:22