Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-9506 (GCVE-0-2017-9506)
Vulnerability from cvelistv5 – Published: 2017-08-23 19:00 – Updated: 2024-10-16 14:03Summary
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Server-Side Request Forgery
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://dontpanic.42.nl/2017/12/there-is-proxy-in-… | x_refsource_MISC |
| https://twitter.com/ankit_anubhav/status/97356662… | x_refsource_MISC |
| https://ecosystem.atlassian.net/browse/OAUTH-344 | x_refsource_MISC |
| https://twitter.com/Zer0Security/status/983529439… | x_refsource_MISC |
| https://medium.com/bugbountywriteup/piercing-the-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Atlassian | Atlassian OAuth Plugin |
Affected:
From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4.
|
Date Public
2017-05-31 00:00
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 77712a7c-d7b9-4027-ac60-d07395675efe
Exploited: Yes
Timestamps
First Seen: 2017-08-23
Asserted: 2017-08-23
Scope
Notes: KEVIntel entry: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote... | Affected: Atlassian / Atlassian OAuth Plugin | Used in malware: unknown | Not yet in CISA KEV: True
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote... |
| Vendor | Atlassian |
| Product | Atlassian OAuth Plugin |
| Added Date | 2017-08-23T19:00:00.000Z |
| Cvss Score | None |
| Epss Score | None |
| Cvss Severity | None |
| Epss Percentile | None |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | True |
References
Created: 2026-06-23 14:06 UTC
| Updated: 2026-06-23 14:06 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:01.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:02:53.950017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:03:06.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Atlassian OAuth Plugin",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
],
"datePublic": "2017-05-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T06:57:01.000Z",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-05-31T00:00:00",
"ID": "CVE-2017-9506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian OAuth Plugin",
"version": {
"version_data": [
{
"version_value": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html",
"refsource": "MISC",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"name": "https://twitter.com/ankit_anubhav/status/973566620676382721",
"refsource": "MISC",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"name": "https://ecosystem.atlassian.net/browse/OAUTH-344",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"name": "https://twitter.com/Zer0Security/status/983529439433777152",
"refsource": "MISC",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"name": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3",
"refsource": "MISC",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2017-9506",
"datePublished": "2017-08-23T19:00:00.000Z",
"dateReserved": "2017-06-07T00:00:00.000Z",
"dateUpdated": "2024-10-16T14:03:06.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-9506",
"date": "2026-06-26",
"epss": "0.71601",
"percentile": "0.9934"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6931470D-FCD0-4295-B526-72F9DC18F8D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86DF4383-C75F-4C20-97AE-17024E59C85F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CE7703F-28FA-49F3-B8F0-0EA19983534C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1B1269B-D7F0-4AB9-A6A1-F5F09273C1E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F788273-7F50-4A5F-B194-9AF88AD5C83F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60D90C52-C6D4-4BA2-B16F-E24562AB35D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74865E14-42E9-40C9-AA3E-33B00BCBAF90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C4D0F79-ACD1-4356-BED4-F361D60633FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59F8F976-DA00-4618-8E54-60D6133AAB55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5826307-85F4-4C9D-A8C2-E736877F2487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7408A0CF-58FC-4FC5-8406-9624C059F480\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A3CB417-E229-4D0E-AAE1-6A1708332DAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B25D52D-C926-4CE2-8FD7-08211FB5156F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B45678B-D690-455B-82FB-29B5E6C92D99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5890D37F-7C5E-484C-BA9F-B101EE407535\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F8F9EE5-680F-4E96-8266-61F5EAD57F36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C15E96B8-D920-43B9-A587-9A6ED4CADDA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*\", \"matchCriteriaId\": \"68DC4126-C130-419F-8A1C-B50C4AB196F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8BECD3F-26FD-4FF4-AB68-6597766C5784\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"03914A93-B432-4AE1-94C1-23C23C22E07E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*\", \"matchCriteriaId\": \"441FE496-A2A8-478D-8AC0-6AE7210B8DFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF711A0D-7527-440D-9F54-32B2D550BFE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA6E4311-CDED-4D26-8258-0CA2106723C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"408339FF-21EB-44D8-BD26-E085AE83AC80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B60AA166-B682-4420-BC98-104A19E0F604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8278DDA7-4F73-4EDD-AA97-A1AB6806D6E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09A9F674-3B94-4D3A-870E-F4488A00BDA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4088D76-BA49-422A-B80F-BC4C7656C28E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32804B74-92C4-4FAD-86D3-599108CC0E36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"919EB181-8A1D-4BBC-A847-F6320480EDC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88F98ECB-402C-404B-B22D-9E145CC568F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B6A21E5-78A2-4C70-9EA2-0C3463647B98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*\", \"matchCriteriaId\": \"70DD87A9-806B-4D01-876B-AFCCF57052ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA83C8C5-6AA5-4560-8839-297DF9A676DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"964D45DE-7F4D-41C4-AD3E-D14FF2906632\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8944539B-B073-4308-91FF-84437D7AE220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC5AF81F-65A5-402A-9AFE-A414F969C1F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"844330C2-A2C6-433A-9C28-5012FDF81423\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91E6952F-3742-4A9F-B6A3-E6469E1D3D6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A638EEDC-AEF5-4496-A006-E860E7C59926\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"108C2E74-3300-47AD-940C-ADEF1613F380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B479B9-4299-4F54-8E6D-6EE9E860B4FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDF046E0-0BAB-42D0-A7D2-4179EF6639EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"554DF85D-5B54-42EC-B86E-94449C592C7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFFCCA48-CC4A-4B97-A1E2-17D26D88C47C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D4A72A1-F335-4E22-B798-69B122145411\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42C01D71-0E47-48C1-A55B-7548AD0178A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8466429-974C-4921-AE06-CE3DB2E6E48A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).\"}, {\"lang\": \"es\", \"value\": \"IconUriServlet del plugin Atlassian OAuth desde la versi\\u00f3n 1.3.0 y antes de la versi\\u00f3n 1.9.12, y desde la versi\\u00f3n 2.0.0 antes de la versi\\u00f3n 2.0.4 permite que atacantes remotos accedan al contenido de los recursos de red internos y/o realizar un ataque XSS mediante Server Side Request Forgery (SSRF).\"}]",
"id": "CVE-2017-9506",
"lastModified": "2024-11-21T03:36:17.433",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-08-23T19:29:00.197",
"references": "[{\"url\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"source\": \"security@atlassian.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"source\": \"security@atlassian.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"source\": \"security@atlassian.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"source\": \"security@atlassian.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"source\": \"security@atlassian.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-9506\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2017-08-23T19:29:00.197\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).\"},{\"lang\":\"es\",\"value\":\"IconUriServlet del plugin Atlassian OAuth desde la versi\u00f3n 1.3.0 y antes de la versi\u00f3n 1.9.12, y desde la versi\u00f3n 2.0.0 antes de la versi\u00f3n 2.0.4 permite que atacantes remotos accedan al contenido de los recursos de red internos y/o realizar un ataque XSS mediante Server Side Request Forgery (SSRF).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6931470D-FCD0-4295-B526-72F9DC18F8D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86DF4383-C75F-4C20-97AE-17024E59C85F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CE7703F-28FA-49F3-B8F0-0EA19983534C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1B1269B-D7F0-4AB9-A6A1-F5F09273C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F788273-7F50-4A5F-B194-9AF88AD5C83F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60D90C52-C6D4-4BA2-B16F-E24562AB35D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74865E14-42E9-40C9-AA3E-33B00BCBAF90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C4D0F79-ACD1-4356-BED4-F361D60633FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59F8F976-DA00-4618-8E54-60D6133AAB55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5826307-85F4-4C9D-A8C2-E736877F2487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7408A0CF-58FC-4FC5-8406-9624C059F480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A3CB417-E229-4D0E-AAE1-6A1708332DAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B25D52D-C926-4CE2-8FD7-08211FB5156F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B45678B-D690-455B-82FB-29B5E6C92D99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5890D37F-7C5E-484C-BA9F-B101EE407535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F8F9EE5-680F-4E96-8266-61F5EAD57F36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C15E96B8-D920-43B9-A587-9A6ED4CADDA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*\",\"matchCriteriaId\":\"68DC4126-C130-419F-8A1C-B50C4AB196F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8BECD3F-26FD-4FF4-AB68-6597766C5784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"03914A93-B432-4AE1-94C1-23C23C22E07E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*\",\"matchCriteriaId\":\"441FE496-A2A8-478D-8AC0-6AE7210B8DFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF711A0D-7527-440D-9F54-32B2D550BFE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA6E4311-CDED-4D26-8258-0CA2106723C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"408339FF-21EB-44D8-BD26-E085AE83AC80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B60AA166-B682-4420-BC98-104A19E0F604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8278DDA7-4F73-4EDD-AA97-A1AB6806D6E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A9F674-3B94-4D3A-870E-F4488A00BDA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4088D76-BA49-422A-B80F-BC4C7656C28E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32804B74-92C4-4FAD-86D3-599108CC0E36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"919EB181-8A1D-4BBC-A847-F6320480EDC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F98ECB-402C-404B-B22D-9E145CC568F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B6A21E5-78A2-4C70-9EA2-0C3463647B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*\",\"matchCriteriaId\":\"70DD87A9-806B-4D01-876B-AFCCF57052ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA83C8C5-6AA5-4560-8839-297DF9A676DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"964D45DE-7F4D-41C4-AD3E-D14FF2906632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8944539B-B073-4308-91FF-84437D7AE220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC5AF81F-65A5-402A-9AFE-A414F969C1F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"844330C2-A2C6-433A-9C28-5012FDF81423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E6952F-3742-4A9F-B6A3-E6469E1D3D6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A638EEDC-AEF5-4496-A006-E860E7C59926\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"108C2E74-3300-47AD-940C-ADEF1613F380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B479B9-4299-4F54-8E6D-6EE9E860B4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDF046E0-0BAB-42D0-A7D2-4179EF6639EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"554DF85D-5B54-42EC-B86E-94449C592C7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFFCCA48-CC4A-4B97-A1E2-17D26D88C47C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4A72A1-F335-4E22-B798-69B122145411\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42C01D71-0E47-48C1-A55B-7548AD0178A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8466429-974C-4921-AE06-CE3DB2E6E48A\"}]}]}],\"references\":[{\"url\":\"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\",\"source\":\"security@atlassian.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://ecosystem.atlassian.net/browse/OAUTH-344\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\",\"source\":\"security@atlassian.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/Zer0Security/status/983529439433777152\",\"source\":\"security@atlassian.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/ankit_anubhav/status/973566620676382721\",\"source\":\"security@atlassian.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://ecosystem.atlassian.net/browse/OAUTH-344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/Zer0Security/status/983529439433777152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/ankit_anubhav/status/973566620676382721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:11:01.834Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-9506\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-16T14:02:53.950017Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-16T14:03:03.676Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Atlassian OAuth Plugin\", \"versions\": [{\"status\": \"affected\", \"version\": \"From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4.\"}]}], \"datePublic\": \"2017-05-31T00:00:00.000Z\", \"references\": [{\"url\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Server-Side Request Forgery\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2018-04-10T06:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4.\"}]}, \"product_name\": \"Atlassian OAuth Plugin\"}]}, \"vendor_name\": \"Atlassian\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"name\": \"http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"name\": \"https://twitter.com/ankit_anubhav/status/973566620676382721\", \"refsource\": \"MISC\"}, {\"url\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"name\": \"https://ecosystem.atlassian.net/browse/OAUTH-344\", \"refsource\": \"MISC\"}, {\"url\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"name\": \"https://twitter.com/Zer0Security/status/983529439433777152\", \"refsource\": \"MISC\"}, {\"url\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"name\": \"https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Server-Side Request Forgery\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-9506\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@atlassian.com\", \"DATE_PUBLIC\": \"2017-05-31T00:00:00\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2017-9506\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-16T14:03:06.883Z\", \"dateReserved\": \"2017-06-07T00:00:00.000Z\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2017-08-23T19:00:00.000Z\", \"assignerShortName\": \"atlassian\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Title
Atlassian OAuth服务器端请求伪造漏洞
Description
Atlassian OAuth Plugin是澳大利亚Atlassian公司的一款用于访问个人Atlassian软件数据的授权插件。
Atlassian OAuth Plugin中的IconUriServlet存在安全漏洞。远程攻击者可利用该漏洞访问内部网络资源或执行跨站脚本攻击。
Severity
中
Patch Name
Atlassian OAuth服务器端请求伪造漏洞的补丁
Patch Description
Atlassian OAuth Plugin是澳大利亚Atlassian公司的一款用于访问个人Atlassian软件数据的授权插件。
Atlassian OAuth Plugin中的IconUriServlet存在安全漏洞。远程攻击者可利用该漏洞访问内部网络资源或执行跨站脚本攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://ecosystem.atlassian.net/browse/OAUTH-344
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-9506
Impacted products
| Name | ['Atlassian OAuth 1.3.0(<1.9.12)', 'Atlassian OAuth 2.0.0(<2.0.4)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-9506"
}
},
"description": "Atlassian OAuth Plugin\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8bbf\u95ee\u4e2a\u4ebaAtlassian\u8f6f\u4ef6\u6570\u636e\u7684\u6388\u6743\u63d2\u4ef6\u3002\r\n\r\nAtlassian OAuth Plugin\u4e2d\u7684IconUriServlet\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5185\u90e8\u7f51\u7edc\u8d44\u6e90\u6216\u6267\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://ecosystem.atlassian.net/browse/OAUTH-344",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-30063",
"openTime": "2017-10-14",
"patchDescription": "Atlassian OAuth Plugin\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8bbf\u95ee\u4e2a\u4ebaAtlassian\u8f6f\u4ef6\u6570\u636e\u7684\u6388\u6743\u63d2\u4ef6\u3002\r\n\r\nAtlassian OAuth Plugin\u4e2d\u7684IconUriServlet\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u5185\u90e8\u7f51\u7edc\u8d44\u6e90\u6216\u6267\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Atlassian OAuth\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Atlassian OAuth 1.3.0(\u003c1.9.12)",
"Atlassian OAuth 2.0.0(\u003c2.0.4)"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-9506",
"serverity": "\u4e2d",
"submitTime": "2017-08-24",
"title": "Atlassian OAuth\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
FKIE_CVE-2017-9506
Vulnerability from fkie_nvd - Published: 2017-08-23 19:29 - Updated: 2026-06-17 01:28
Severity
Summary
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"product": "Atlassian OAuth Plugin",
"vendor": "Atlassian",
"versions": [
{
"status": "affected",
"version": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
],
"source": "security@atlassian.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6931470D-FCD0-4295-B526-72F9DC18F8D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86DF4383-C75F-4C20-97AE-17024E59C85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE7703F-28FA-49F3-B8F0-0EA19983534C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B1269B-D7F0-4AB9-A6A1-F5F09273C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F788273-7F50-4A5F-B194-9AF88AD5C83F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60D90C52-C6D4-4BA2-B16F-E24562AB35D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74865E14-42E9-40C9-AA3E-33B00BCBAF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4D0F79-ACD1-4356-BED4-F361D60633FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "59F8F976-DA00-4618-8E54-60D6133AAB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E5826307-85F4-4C9D-A8C2-E736877F2487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7408A0CF-58FC-4FC5-8406-9624C059F480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3CB417-E229-4D0E-AAE1-6A1708332DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "6B25D52D-C926-4CE2-8FD7-08211FB5156F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*",
"matchCriteriaId": "1B45678B-D690-455B-82FB-29B5E6C92D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5890D37F-7C5E-484C-BA9F-B101EE407535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F8F9EE5-680F-4E96-8266-61F5EAD57F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "C15E96B8-D920-43B9-A587-9A6ED4CADDA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*",
"matchCriteriaId": "68DC4126-C130-419F-8A1C-B50C4AB196F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BECD3F-26FD-4FF4-AB68-6597766C5784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "03914A93-B432-4AE1-94C1-23C23C22E07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*",
"matchCriteriaId": "441FE496-A2A8-478D-8AC0-6AE7210B8DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF711A0D-7527-440D-9F54-32B2D550BFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6E4311-CDED-4D26-8258-0CA2106723C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "408339FF-21EB-44D8-BD26-E085AE83AC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "B60AA166-B682-4420-BC98-104A19E0F604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8278DDA7-4F73-4EDD-AA97-A1AB6806D6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09A9F674-3B94-4D3A-870E-F4488A00BDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4088D76-BA49-422A-B80F-BC4C7656C28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "32804B74-92C4-4FAD-86D3-599108CC0E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "919EB181-8A1D-4BBC-A847-F6320480EDC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88F98ECB-402C-404B-B22D-9E145CC568F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*",
"matchCriteriaId": "9B6A21E5-78A2-4C70-9EA2-0C3463647B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*",
"matchCriteriaId": "70DD87A9-806B-4D01-876B-AFCCF57052ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA83C8C5-6AA5-4560-8839-297DF9A676DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "964D45DE-7F4D-41C4-AD3E-D14FF2906632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8944539B-B073-4308-91FF-84437D7AE220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5AF81F-65A5-402A-9AFE-A414F969C1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "844330C2-A2C6-433A-9C28-5012FDF81423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "91E6952F-3742-4A9F-B6A3-E6469E1D3D6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A638EEDC-AEF5-4496-A006-E860E7C59926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "108C2E74-3300-47AD-940C-ADEF1613F380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "07B479B9-4299-4F54-8E6D-6EE9E860B4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF046E0-0BAB-42D0-A7D2-4179EF6639EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "554DF85D-5B54-42EC-B86E-94449C592C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFCCA48-CC4A-4B97-A1E2-17D26D88C47C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D4A72A1-F335-4E22-B798-69B122145411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42C01D71-0E47-48C1-A55B-7548AD0178A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8466429-974C-4921-AE06-CE3DB2E6E48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
},
{
"lang": "es",
"value": "IconUriServlet del plugin Atlassian OAuth desde la versi\u00f3n 1.3.0 y antes de la versi\u00f3n 1.9.12, y desde la versi\u00f3n 2.0.0 antes de la versi\u00f3n 2.0.4 permite que atacantes remotos accedan al contenido de los recursos de red internos y/o realizar un ataque XSS mediante Server Side Request Forgery (SSRF)."
}
],
"id": "CVE-2017-9506",
"lastModified": "2026-06-17T01:28:15.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2017-9506",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:02:53.950017Z",
"version": "2.0.3"
}
}
]
},
"published": "2017-08-23T19:29:00.197",
"references": [
{
"source": "security@atlassian.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"source": "security@atlassian.com",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
},
{
"source": "security@atlassian.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"source": "security@atlassian.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
}
],
"sourceIdentifier": "security@atlassian.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WR82-63QC-G2H8
Vulnerability from github – Published: 2022-05-14 01:04 – Updated: 2022-05-14 01:04
VLAI
Details
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Severity
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-9506"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-23T19:29:00Z",
"severity": "MODERATE"
},
"details": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).",
"id": "GHSA-wr82-63qc-g2h8",
"modified": "2022-05-14T01:04:28Z",
"published": "2022-05-14T01:04:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9506"
},
{
"type": "WEB",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"type": "WEB",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
},
{
"type": "WEB",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"type": "WEB",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"type": "WEB",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2017-9506
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9506",
"description": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).",
"id": "GSD-2017-9506"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9506"
],
"details": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).",
"id": "GSD-2017-9506",
"modified": "2023-12-13T01:21:08.099652Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2017-05-31T00:00:00",
"ID": "CVE-2017-9506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atlassian OAuth Plugin",
"version": {
"version_data": [
{
"version_value": "From version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4."
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html",
"refsource": "MISC",
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"name": "https://twitter.com/ankit_anubhav/status/973566620676382721",
"refsource": "MISC",
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"name": "https://ecosystem.atlassian.net/browse/OAUTH-344",
"refsource": "MISC",
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"name": "https://twitter.com/Zer0Security/status/983529439433777152",
"refsource": "MISC",
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"name": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3",
"refsource": "MISC",
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.6.0:m4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.4.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.4.0:m2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.5.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.0:m2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.5.0:m3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.6.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:1.9.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:oauth:2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"ID": "CVE-2017-9506"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ecosystem.atlassian.net/browse/OAUTH-344",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://ecosystem.atlassian.net/browse/OAUTH-344"
},
{
"name": "https://twitter.com/ankit_anubhav/status/973566620676382721",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/ankit_anubhav/status/973566620676382721"
},
{
"name": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html"
},
{
"name": "https://twitter.com/Zer0Security/status/983529439433777152",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/Zer0Security/status/983529439433777152"
},
{
"name": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3",
"refsource": "MISC",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2019-05-10T15:22Z",
"publishedDate": "2017-08-23T19:29Z"
}
}
}
WID-SEC-W-2022-1375
Vulnerability from csaf_certbund - Published: 2022-09-11 22:00 - Updated: 2025-10-12 22:00Summary
JFrog Artifactory: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JFrog Artifactory
JFrog / Artifactory
|
cpe:/a:jfrog:artifactory:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
JFrog Artifactory <7.46.3
JFrog / Artifactory
|
<7.46.3 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JFrog Artifactory ist eine universelle DevOps-L\u00f6sung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1375 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1375 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities vom 2022-09-11",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "JFrog Fixed Security Vulnerabilities",
"url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04",
"url": "https://access.redhat.com/errata/RHSA-2022:6782"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5776-1 vom 2022-12-13",
"url": "https://ubuntu.com/security/notices/USN-5776-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14",
"url": "https://access.redhat.com/errata/RHSA-2023:5165"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
}
],
"source_lang": "en-US",
"title": "JFrog Artifactory: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-12T22:00:00.000+00:00",
"generator": {
"date": "2025-10-13T09:29:51.555+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-1375",
"initial_release_date": "2022-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2022-10-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-12T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "5",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE"
},
{
"date": "2023-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "JFrog Artifactory",
"product": {
"name": "JFrog Artifactory",
"product_id": "T024527",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.46.3",
"product": {
"name": "JFrog Artifactory \u003c7.46.3",
"product_id": "T024764"
}
},
{
"category": "product_version",
"name": "7.46.3",
"product": {
"name": "JFrog Artifactory 7.46.3",
"product_id": "T024764-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:jfrog:artifactory:7.46.3"
}
}
}
],
"category": "product_name",
"name": "Artifactory"
}
],
"category": "vendor",
"name": "JFrog"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-4517",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2013-4517"
},
{
"cve": "CVE-2013-7285",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2013-7285"
},
{
"cve": "CVE-2014-0107",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-0107"
},
{
"cve": "CVE-2014-0114",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-3577",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-3577"
},
{
"cve": "CVE-2014-3623",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2014-3623"
},
{
"cve": "CVE-2015-0227",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-0227"
},
{
"cve": "CVE-2015-2575",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-2575"
},
{
"cve": "CVE-2015-3253",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-3253"
},
{
"cve": "CVE-2015-4852",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2015-7940",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2015-7940"
},
{
"cve": "CVE-2016-10750",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-10750"
},
{
"cve": "CVE-2016-3092",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-3674",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-3674"
},
{
"cve": "CVE-2016-6501",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-6501"
},
{
"cve": "CVE-2016-8735",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-8735"
},
{
"cve": "CVE-2016-8745",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2016-8745"
},
{
"cve": "CVE-2017-1000487",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-1000487"
},
{
"cve": "CVE-2017-15095",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-15095"
},
{
"cve": "CVE-2017-17485",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-17485"
},
{
"cve": "CVE-2017-18214",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-18214"
},
{
"cve": "CVE-2017-18640",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-7525",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7525"
},
{
"cve": "CVE-2017-7657",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7657"
},
{
"cve": "CVE-2017-7957",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-7957"
},
{
"cve": "CVE-2017-9506",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2017-9506"
},
{
"cve": "CVE-2018-1000206",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2018-1000206"
},
{
"cve": "CVE-2018-9116",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2018-9116"
},
{
"cve": "CVE-2019-10219",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-10219"
},
{
"cve": "CVE-2019-12402",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-17359",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-17359"
},
{
"cve": "CVE-2019-17571",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-20104",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2019-20104"
},
{
"cve": "CVE-2020-11996",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-11996"
},
{
"cve": "CVE-2020-13934",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13934"
},
{
"cve": "CVE-2020-13935",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13935"
},
{
"cve": "CVE-2020-13949",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-13949"
},
{
"cve": "CVE-2020-14340",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-14340"
},
{
"cve": "CVE-2020-15586",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-15586"
},
{
"cve": "CVE-2020-1745",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-1745"
},
{
"cve": "CVE-2020-17521",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-17521"
},
{
"cve": "CVE-2020-25649",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-28500",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-28500"
},
{
"cve": "CVE-2020-29582",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-29582"
},
{
"cve": "CVE-2020-36518",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-36518"
},
{
"cve": "CVE-2020-7226",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-7226"
},
{
"cve": "CVE-2020-7692",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-7692"
},
{
"cve": "CVE-2020-8203",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2020-8203"
},
{
"cve": "CVE-2021-13936",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-13936"
},
{
"cve": "CVE-2021-21290",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-21290"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22112",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22112"
},
{
"cve": "CVE-2021-22119",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22119"
},
{
"cve": "CVE-2021-22147",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22147"
},
{
"cve": "CVE-2021-22148",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22148"
},
{
"cve": "CVE-2021-22149",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22149"
},
{
"cve": "CVE-2021-22573",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-22573"
},
{
"cve": "CVE-2021-23337",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-23337"
},
{
"cve": "CVE-2021-25122",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-25122"
},
{
"cve": "CVE-2021-26291",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-26291"
},
{
"cve": "CVE-2021-27568",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-27568"
},
{
"cve": "CVE-2021-29505",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-29505"
},
{
"cve": "CVE-2021-30129",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-30129"
},
{
"cve": "CVE-2021-33037",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-33037"
},
{
"cve": "CVE-2021-35550",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35550"
},
{
"cve": "CVE-2021-35556",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35556"
},
{
"cve": "CVE-2021-35560",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35560"
},
{
"cve": "CVE-2021-35561",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35561"
},
{
"cve": "CVE-2021-35564",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35564"
},
{
"cve": "CVE-2021-35565",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35565"
},
{
"cve": "CVE-2021-35567",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35567"
},
{
"cve": "CVE-2021-35578",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35578"
},
{
"cve": "CVE-2021-35586",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35586"
},
{
"cve": "CVE-2021-35588",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35588"
},
{
"cve": "CVE-2021-35603",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-35603"
},
{
"cve": "CVE-2021-36374",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-3765",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3765"
},
{
"cve": "CVE-2021-3807",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-38561",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-3859",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-3859"
},
{
"cve": "CVE-2021-41090",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41090"
},
{
"cve": "CVE-2021-41091",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2021-42340",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-42340"
},
{
"cve": "CVE-2021-42550",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-42550"
},
{
"cve": "CVE-2021-43797",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2022-0536",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-0536"
},
{
"cve": "CVE-2022-22963",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-22963"
},
{
"cve": "CVE-2022-23632",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23632"
},
{
"cve": "CVE-2022-23648",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23648"
},
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24769",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-24769"
},
{
"cve": "CVE-2022-24823",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-29153",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-29153"
},
{
"cve": "CVE-2022-32212",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32212"
},
{
"cve": "CVE-2022-32213",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32213"
},
{
"cve": "CVE-2022-32214",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32214"
},
{
"cve": "CVE-2022-32215",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32215"
},
{
"cve": "CVE-2022-32223",
"product_status": {
"known_affected": [
"T024527",
"T002207",
"67646",
"T000126",
"T024764"
]
},
"release_date": "2022-09-11T22:00:00.000+00:00",
"title": "CVE-2022-32223"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…