Vulnerabilities > CVE-2017-9506 - Server-Side Request Forgery (SSRF) vulnerability in Atlassian Oauth
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CGI abuses NASL id FISHEYE_4_3_2.NASL description According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110774 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110774 title Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110774); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian FishEye < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_summary(english:"Checks the version of FishEye."); script_set_attribute(attribute:"synopsis", value: "The version of Atlassian FishEye installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the installation of Atlassian FishEye running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to FishEye 4.3.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:fisheye"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("fisheye_detect.nasl"); script_require_keys("installed_sw/fisheye", "Settings/ParanoidReport"); script_require_ports("Services/www", 8060); exit(0); } include("http.inc"); include("vcf.inc"); port = get_http_port(default:8060); app = "fisheye"; app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); if (report_paranoia < 2) audit(AUDIT_PARANOID); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0.0", "fixed_version" : "4.3.2" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xsrf":TRUE});NASL family CGI abuses NASL id BITBUCKET_4_14_4.NASL description The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110770 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110770 title Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110770); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Bitbucket < 4.14.4 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_summary(english:"Checks the version of Bitbucket"); script_set_attribute(attribute:"synopsis", value: "The version of Atlassian Bitbucket installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "The version of Atlassian Bitbucket installed on the remote host is prior to 4.14.4. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to version 4.14.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:bitbucket"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("bitbucket_detect.nbin", "os_fingerprint.nasl"); script_require_keys("www/bitbucket"); script_require_ports("Services/www", 7990); exit(0); } include("http.inc"); include("vcf.inc"); port = get_http_port(default:7990); app = "bitbucket"; app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0.0", "fixed_version" : "4.14.4" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xsrf":TRUE});NASL family CGI abuses NASL id CROWD_2_11_2.NASL description The version of Atlassian Crowd installed on the remote host is prior to 2.11.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110772 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110772 title Atlassian Crowd < 2.11.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110772); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Crowd < 2.11.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_summary(english:"Checks the version of Crowd"); script_set_attribute(attribute:"synopsis", value: "The version of Atlassian Crowd installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "The version of Atlassian Crowd installed on the remote host is prior to 2.11.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to version 2.11.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:crowd"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("crowd_detect.nasl", "os_fingerprint.nasl"); script_require_keys("www/crowd"); script_require_ports("Services/www", 8095); exit(0); } include("http.inc"); include("vcf.inc"); port = get_http_port(default:8095); app = "crowd"; app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0.0", "fixed_version" : "2.11.2" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xsrf":TRUE});NASL family CGI abuses NASL id JIRA_7_2_15.NASL description According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 7.2.15. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110775 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110775 title Atlassian Jira < 7.2.15 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110775); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Jira < 7.2.15 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_set_attribute(attribute:"synopsis", value: "The remote web server hosts a web application is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 7.2.15. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to Jira version 7.2.15 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin"); script_require_keys("installed_sw/Atlassian JIRA"); exit(0); } include('vcf.inc'); app_info = vcf::combined_get_app_info(app:'Atlassian JIRA'); if (get_kb_item('Settings/PCI_DSS')) sig_seg = 2; else sig_seg = 3; vcf::check_granularity(app_info:app_info, sig_segments:sig_seg); constraints = [ { 'min_version' : '1.0.0', 'fixed_version' : '7.2.15' }, { 'min_version' : '7.3.0', 'fixed_version' : '7.3.5' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{'xsrf':TRUE});NASL family CGI abuses NASL id BAMBOO_6_0_0.NASL description According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110769 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110769 title Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110769); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Bamboo < 6.0.0 OAuth plugin allows arbitrary HTTP requests to be proxied"); script_summary(english:"Checks the version of Atlassian Bamboo."); script_set_attribute(attribute:"synopsis", value: "The remote web server hosts a web application is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is prior to 6.0.0. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to Atlassian Bamboo version 6.0.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:bamboo"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("bamboo_detect.nbin"); script_require_keys("installed_sw/bamboo", "Settings/ParanoidReport"); script_require_ports("Services/www", 8085); exit(0); } include("http.inc"); include("vcf.inc"); app = "bamboo"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:8085); if (report_paranoia < 2) audit(AUDIT_PARANOID); app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0", "fixed_version" : "6.0.0" }, ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family CGI abuses NASL id CONFLUENCE_6_1_3.NASL description According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110771 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110771 title Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110771); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_summary(english:"Checks the Atlassian Confluence version."); script_set_attribute(attribute:"synopsis", value: "A web application running on the remote host is affected by a internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.1.3. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to Atlassian Confluence version 6.1.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:confluence"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("confluence_detect.nasl"); script_require_keys("www/confluence", "Settings/ParanoidReport"); script_require_ports("Services/www", 8080, 8090); exit(0); } include("http.inc"); include("vcf.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:8090); app = "confluence"; app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0.0", "fixed_version" : "6.1.3" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xsrf":TRUE});NASL family CGI abuses NASL id CRUCIBLE_4_3_2.NASL description According to its self-reported version, the installation of Atlassian Crucible running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 110773 published 2018-06-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110773 title Atlassian Crucible < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110773); script_version("1.2"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2017-9506"); script_name(english:"Atlassian Crucible < 4.3.2 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF"); script_summary(english:"Checks the version of Crucible."); script_set_attribute(attribute:"synopsis", value: "The version of Atlassian Crucible installed on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the installation of Atlassian Crucible running on the remote host is prior to 4.3.2. It is, therefore, affected by a internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://ecosystem.atlassian.net/browse/OAUTH-344"); script_set_attribute(attribute:"solution", value: "Upgrade to Crucible 4.3.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9506"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"patch_publication_date", value:"2017/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/28"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:crucible"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("crucible_detect.nasl"); script_require_keys("installed_sw/crucible", "Settings/ParanoidReport"); script_require_ports("Services/www", 8060); exit(0); } include("http.inc"); include("vcf.inc"); port = get_http_port(default:8060); app = "crucible"; app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); if (report_paranoia < 2) audit(AUDIT_PARANOID); vcf::check_granularity(app_info:app_info, sig_segments:3); constraints = [ { "min_version" : "1.0.0", "fixed_version" : "4.3.2" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{"xsrf":TRUE});
References
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
- https://twitter.com/ankit_anubhav/status/973566620676382721
- https://twitter.com/Zer0Security/status/983529439433777152