The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).

Related CVEs

CVE-2017-9506

Key Information

GHSA ID

GHSA-wr82-63qc-g2h8

Published

May 14, 2022 1:04 AM

Last Modified

May 14, 2022 1:04 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 29, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.