CVE-2017-18104
MEDIUMAtlassian Jira <7.6.7 and 7.7.0-7.11.0 - Exposure of Sensitive Information via Webhooks
Title source: llmDescription
The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-59980
Scores
CVSS v3
5.9
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
atlassian/jira
< 7.6.7
atlassian/jira_server
7.7.0 - 7.11.0
Published
Jul 24, 2018
Tracked Since
Feb 18, 2026