Atlassian patches full-read SSRF in Jira


Jira, Atlassian’s well-known issue tracking and project management tool, has a server-side request forgery (SSRF) vulnerability that researchers could exploit without needing access to the system.

Assetnote CTO and founder Shubham Shah wrote in a blog post: “Depending on the setup of the Jira instance, there are different ways to create user accounts on Jira in order to exploit this issue.”