VYPR
Medium severity 6.1 · NVD Advisory · Published Aug 23, 2017 · Updated Jun 17, 2026

CVE-2017-9506

Description

The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

Affected products

49
  • Atlassian/OAuth: 48 versions
    • cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*
  • Range: From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4.
