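The IconUriServlet of the Atlassian OAuth Plugin, from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4, is vulnerable to Server-Side Request Forgery (SSRF), which allows remote attackers to access the content of internal network resources and/or perform an XSS attack. Note that the version data below records every entry with "introduced": "0" rather than the 1.3.0 lower bound stated here, so matching on that data alone may also flag releases older than 1.3.0; per the ranges above, 1.9.12 and 2.0.4 are the first releases outside the affected ranges.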
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "1.3.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.1"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.2"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.3"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.4"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.5"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.6"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.7"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.8"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.9"
},
{
"introduced": "0"
},
{
"last_affected": "1.3.10"
},
{
"introduced": "0"
},
{
"last_affected": "1.4.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.4.0-m1"
},
{
"introduced": "0"
},
{
"last_affected": "1.4.0-m2"
},
{
"introduced": "0"
},
{
"last_affected": "1.4.1"
},
{
"introduced": "0"
},
{
"last_affected": "1.5.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.5.0-m1"
},
{
"introduced": "0"
},
{
"last_affected": "1.5.0-m3"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.0-m1"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.0-m4"
},
{
"introduced": "0"
},
{
"last_affected": "1.6.1"
},
{
"introduced": "0"
},
{
"last_affected": "1.7.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.0"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.0-m1"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.1"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.2"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.3"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.4"
},
{
"introduced": "0"
},
{
"last_affected": "1.8.5"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.0-m1"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.0-m2"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.1"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.2"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.3"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.4"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.5"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.6"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.7"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.8"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.9"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.10"
},
{
"introduced": "0"
},
{
"last_affected": "1.9.11"
},
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
},
{
"introduced": "0"
},
{
"last_affected": "2.0.1"
},
{
"introduced": "0"
},
{
"last_affected": "2.0.2"
},
{
"introduced": "0"
},
{
"last_affected": "2.0.3"
}
]
}