CVE-2017-9506

Tags: MEDIUM · EXPLOITED IN THE WILD · NUCLEI

Atlassian OAuth Plugin <1.9.12, <2.0.4 - SSRF/XSS

Title source: llm

Description

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
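The description above gives two things a defender can act on directly: the affected plugin version ranges, and the fact that the servlet fetches an attacker-supplied URL server-side. The following Python is an added example written for this page, not code from Atlassian or from any of the exploit repositories listed below. It checks an installed plugin version against the advisory's ranges and flags access-log requests to the servlet whose target URL points at loopback, private or link-local space. The servlet path `/plugins/servlet/oauth/users/icon-uri` and the `consumerUri` query parameter are taken from the public Nuclei template for this CVE rather than from this page, so treat them as assumptions to confirm against your own template copy; the log lines are constructed for the example.

```python
"""Added example for CVE-2017-9506: version-range check plus access-log triage.

Assumptions (not stated on the advisory page itself):
  * the vulnerable servlet is reached at ICON_URI_PATH
  * the fetched URL is passed in the TARGET_PARAM query parameter
Both come from the public Nuclei template for this CVE.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Affected ranges from the advisory: [1.3.0, 1.9.12) and [2.0.0, 2.0.4)
AFFECTED_RANGES = [((1, 3, 0), (1, 9, 12)), ((2, 0, 0), (2, 0, 4))]

ICON_URI_PATH = "/plugins/servlet/oauth/users/icon-uri"  # assumption, see docstring
TARGET_PARAM = "consumerUri"                              # assumption, see docstring

# Matches the request line inside a common/combined-format access log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def parse_version(version):
    """'1.9.12' -> (1, 9, 12); drops a qualifier such as '-m01' and pads to 3 parts."""
    core = version.split("-", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))


def is_affected(version):
    """True when the plugin version lies inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def is_internal_host(host):
    """Loopback, RFC1918, link-local (e.g. cloud metadata) or reserved targets.

    Hostnames other than 'localhost' are not resolved here, so a DNS name that
    resolves internally would be reported as external; resolve before deciding
    if that matters for your environment.
    """
    if host.lower() in ("", "localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def classify_request(request_target):
    """None if the request is not for the servlet, otherwise a verdict string."""
    parsed = urlparse(request_target)
    if parsed.path != ICON_URI_PATH:
        return None
    uris = parse_qs(parsed.query).get(TARGET_PARAM)  # parse_qs percent-decodes
    if not uris:
        return "icon-uri-no-target"
    host = urlparse(uris[0]).hostname or ""
    return "internal-target" if is_internal_host(host) else "external-target"


def scan_log(lines):
    """Return (client_ip, request_target, verdict) for every hit on the servlet."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify_request(m.group("target"))
        if verdict:
            hits.append((line.split()[0], m.group("target"), verdict))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Feb/2026:10:00:01 +0000] "GET /plugins/servlet/oauth/users/icon-uri'
    '?consumerUri=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512',
    '10.0.0.5 - - [18/Feb/2026:10:00:02 +0000] "GET /plugins/servlet/oauth/users/icon-uri'
    '?consumerUri=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 300',
    '10.0.0.5 - - [18/Feb/2026:10:00:03 +0000] "GET /plugins/servlet/oauth/users/icon-uri'
    '?consumerUri=https://example.org/logo.png HTTP/1.1" 200 1200',
    '10.0.0.7 - - [18/Feb/2026:10:00:04 +0000] "GET /browse/PROJ-1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ver in ("1.2.9", "1.3.0", "1.9.11", "1.9.12", "2.0.3", "2.0.4"):
        print(f"{ver:>7}: {'affected' if is_affected(ver) else 'not affected'}")
    for ip, target, verdict in scan_log(SAMPLE_LOG):
        print(f"{ip} {verdict:16} {target}")
```

An external target is still worth logging: the XSS variant in the description relies on the servlet relaying content from an attacker-controlled host, so a burst of `external-target` hits from one client is the same reconnaissance as the internal probes, just pointed the other way.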

Exploits (4)

- random-robbie/Jira-Scan (scanner, infoleak; 190 stars; source: nomisec)
  https://github.com/random-robbie/Jira-Scan
- Pr0t0c01/CVEs, JIRA_CVE-2017-9506 (scanner, Python PoC; 2 stars; source: GitHub)
  https://github.com/Pr0t0c01/CVEs/tree/main/JIRA_CVE-2017-9506
- labsbots/CVE-2017-9506 (scanner, client-side; source: nomisec)
  https://github.com/labsbots/CVE-2017-9506
- pwn1sher/jira-ssrf (working PoC, client-side; source: nomisec)
  https://github.com/pwn1sher/jira-ssrf

Nuclei Templates (1)

- Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
  Severity: MEDIUM; by pdteam
  Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

Scores

CVSS v3: 6.1 (Medium)
EPSS: 0.2898
EPSS Percentile: 96.6%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV: 2024-09-19
InTheWild.io: 2021-10-14
CWE: CWE-918
Status: published
Products (40)
Atlassian/Atlassian OAuth Plugin: from version 1.3.0 before version 1.9.12, and from version 2.0.0 before version 2.0.4
atlassian/oauth 1.3.0
atlassian/oauth 1.3.1
atlassian/oauth 1.3.2
atlassian/oauth 1.3.3
atlassian/oauth 1.3.4
atlassian/oauth 1.3.5
atlassian/oauth 1.3.6
atlassian/oauth 1.3.7
atlassian/oauth 1.3.8
... and 30 more
Published: Aug 23, 2017
Tracked Since: Feb 18, 2026