CVE-2017-18104

Published: Jul 24, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query.

Affected (2)

Products: Atlassian: Jira, Jira Server

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.6.7
Atlassian Jira Server	From 7.7.0 to 7.11.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://jira.atlassian.com/browse/JRASERVER-59980

Source: security@atlassian.com

ExploitVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-59980

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.