Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight. When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information. The affected versions are before version 4.13.20, from version 4.14.0 before 4.20.8, and from version 4.21.0 before 4.22.2.
2022-07-26T08:15:07.177
2024-11-21T06:30:05.483
Modified
CVSSv3.1: 5.7 (MEDIUM)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | atlassian | jira_service_desk | < 4.13.20 | Yes |
Application | atlassian | jira_service_desk | < 4.13.20 | Yes |
Application | atlassian | jira_service_management | < 4.20.8 | Yes |
Application | atlassian | jira_service_management | < 4.20.8 | Yes |
Application | atlassian | jira_service_management | < 4.22.2 | Yes |
Application | atlassian | jira_service_management | < 4.22.2 | Yes |