{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T07:04:30.830","vulnerabilities":[{"cve":{"id":"CVE-2017-9506","sourceIdentifier":"security@atlassian.com","published":"2017-08-23T19:29:00.197","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."},{"lang":"es","value":"IconUriServlet del plugin Atlassian OAuth desde la versión 1.3.0 y antes de la versión 1.9.12, y desde la versión 2.0.0 antes de la versión 2.0.4 permite que atacantes remotos accedan al contenido de los recursos de red internos y/o realizar un ataque XSS mediante Server Side Request Forgery (SSRF)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"6931470D-FCD0-4295-B526-72F9DC18F8D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"86DF4383-C75F-4C20-97AE-17024E59C85F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"4CE7703F-28FA-49F3-B8F0-0EA19983534C"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"F1B1269B-D7F0-4AB9-A6A1-F5F09273C1E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*","matchCriteriaId":"5F788273-7F50-4A5F-B194-9AF88AD5C83F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*","matchCriteriaId":"60D90C52-C6D4-4BA2-B16F-E24562AB35D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*","matchCriteriaId":"74865E14-42E9-40C9-AA3E-33B00BCBAF90"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*","matchCriteriaId":"7C4D0F79-ACD1-4356-BED4-F361D60633FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*","matchCriteriaId":"59F8F976-DA00-4618-8E54-60D6133AAB55"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*","matchCriteriaId":"E5826307-85F4-4C9D-A8C2-E736877F2487"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*","matchCriteriaId":"7408A0CF-58FC-4FC5-8406-9624C059F480"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"6A3CB417-E229-4D0E-AAE1-6A1708332DAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*","matchCriteriaId":"6B25D52D-C926-4CE2-8FD7-08211FB5156F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*","matchCriteriaId":"1B45678B-D690-455B-82FB-29B5E6C92D99"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"5890D37F-7C5E-484C-BA9F-B101EE407535"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"9F8F9EE5-680F-4E96-8266-61F5EAD57F36"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*","matchCriteriaId":"C15E96B8-D920-43B9-A587-9A6ED4CADDA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*","matchCriteriaId":"68DC4126-C130-419F-8A1C-B50C4AB196F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E8BECD3F-26FD-4FF4-AB68-6597766C5784"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*","matchCriteriaId":"03914A93-B432-4AE1-94C1-23C23C22E07E"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*","matchCriteriaId":"441FE496-A2A8-478D-8AC0-6AE7210B8DFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"DF711A0D-7527-440D-9F54-32B2D550BFE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"DA6E4311-CDED-4D26-8258-0CA2106723C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"408339FF-21EB-44D8-BD26-E085AE83AC80"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*","matchCriteriaId":"B60AA166-B682-4420-BC98-104A19E0F604"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"8278DDA7-4F73-4EDD-AA97-A1AB6806D6E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"09A9F674-3B94-4D3A-870E-F4488A00BDA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D4088D76-BA49-422A-B80F-BC4C7656C28E"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"32804B74-92C4-4FAD-86D3-599108CC0E36"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"919EB181-8A1D-4BBC-A847-F6320480EDC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"88F98ECB-402C-404B-B22D-9E145CC568F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*","matchCriteriaId":"9B6A21E5-78A2-4C70-9EA2-0C3463647B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*","matchCriteriaId":"70DD87A9-806B-4D01-876B-AFCCF57052ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*","matchCriteriaId":"DA83C8C5-6AA5-4560-8839-297DF9A676DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*","matchCriteriaId":"964D45DE-7F4D-41C4-AD3E-D14FF2906632"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*","matchCriteriaId":"8944539B-B073-4308-91FF-84437D7AE220"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*","matchCriteriaId":"DC5AF81F-65A5-402A-9AFE-A414F969C1F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*","matchCriteriaId":"844330C2-A2C6-433A-9C28-5012FDF81423"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*","matchCriteriaId":"91E6952F-3742-4A9F-B6A3-E6469E1D3D6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*","matchCriteriaId":"A638EEDC-AEF5-4496-A006-E860E7C59926"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*","matchCriteriaId":"108C2E74-3300-47AD-940C-ADEF1613F380"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*","matchCriteriaId":"07B479B9-4299-4F54-8E6D-6EE9E860B4FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*","matchCriteriaId":"EDF046E0-0BAB-42D0-A7D2-4179EF6639EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*","matchCriteriaId":"554DF85D-5B54-42EC-B86E-94449C592C7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CFFCCA48-CC4A-4B97-A1E2-17D26D88C47C"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5D4A72A1-F335-4E22-B798-69B122145411"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"42C01D71-0E47-48C1-A55B-7548AD0178A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F8466429-974C-4921-AE06-CE3DB2E6E48A"}]}]}],"references":[{"url":"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://ecosystem.atlassian.net/browse/OAUTH-344","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3","source":"security@atlassian.com","tags":["Broken Link","Third Party Advisory"]},{"url":"https://twitter.com/Zer0Security/status/983529439433777152","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://twitter.com/ankit_anubhav/status/973566620676382721","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://ecosystem.atlassian.net/browse/OAUTH-344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"https://twitter.com/Zer0Security/status/983529439433777152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://twitter.com/ankit_anubhav/status/973566620676382721","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}