virus logo FortiClient Vulnerability

Atlassian Jira Software Server CVE-2020-36232 Server Side Reqeust Forgery Vulnerability

description-logoDescription

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.

affected-products-logoAffected Applications

Jira Software Server

CVE References

CVE-2020-36232

Other References

https://jira.atlassian.com/projects/JRASERVER/issues/
ID 74237
Created Dec 20, 2022
Description
Updated		 Dec 14, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Atlassian
Patch manual
Application Jira Software Server