CVE-2019-8451

MEDIUM EXPLOITED NUCLEI

Atlassian Jira Server < 8.4.0 - SSRF

Title source: rule

Description

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

Exploits (5)

nomisec WORKING POC 31 stars
by jas502n · infoleak
https://github.com/jas502n/CVE-2019-8451
nomisec WORKING POC 10 stars
by 0xbug · infoleak
https://github.com/0xbug/CVE-2019-8451
nomisec SCANNER 7 stars
by h0ffayyy · remote
https://github.com/h0ffayyy/Jira-CVE-2019-8451
nomisec WORKING POC 1 star
by ianxtianxt · remote
https://github.com/ianxtianxt/CVE-2019-8451
nomisec WORKING POC
by b0ul1 · infoleak
https://github.com/b0ul1/CVE-2019-8451

Nuclei Templates (1)

Jira <8.4.0 - Server-Side Request Forgery
MEDIUM by TechbrunchFR
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

Scores

CVSS v3 6.5
EPSS 0.9328
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

VulnCheck KEV 2023-12-06
CWE
CWE-918
Status published
Products (1)
atlassian/jira_server 7.6.0 - 8.4.0
Published Sep 11, 2019
Tracked Since Feb 18, 2026