GHSA-3jwg-839p-m5gf

GitHub Security Advisory

⚠ Unreviewed HIGH Has CVE

Advisory Details

The OAuth status REST resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status REST resource to an internal location. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.

Key Information

GHSA ID: GHSA-3jwg-839p-m5gf
Published: May 14, 2022 3:24 AM
Last Modified: May 14, 2022 3:24 AM
CVSS Score: 7.5/10
Primary Ecosystem: Unknown
Primary Package: Unknown
GitHub Reviewed: ✗ No

Dataset

Last updated: July 29, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.