CVE-2018-13404 Information

Description

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts and open ports, and in some cases obtain service information from internal network resources, via a Server Side Request Forgery (SSRF) vulnerability.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Reference

https://jira.atlassian.com/browse/JRASERVER-68527

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.1

Base Severity

MEDIUM
