CVE-2017-18096

Name of the Vulnerable Software and Affected Versions: Atlassian Application Links versions prior to 5.2.7 Atlassian Application Links versions 5.3.0 through 5.3.3 Atlassian Application Links versions 5.4.0 through 5.4.2

Description: The issue allows remote attackers with administrative rights to access internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. This flaw can be used to access a metadata resource that provides access credentials and other potentially confidential information, especially in environments like Amazon EC2.

Recommendations: For versions prior to 5.2.7, update to version 5.2.7 or later. For versions 5.3.0 through 5.3.3, update to version 5.3.4 or later. For versions 5.4.0 through 5.4.2, update to version 5.4.3 or later.