CVE-2018-13404

Name of the Vulnerable Software and Affected Versions Atlassian Jira versions 7.6.9 and earlier Atlassian Jira versions 7.7.0 through 7.7.4 Atlassian Jira versions 7.8.0 through 7.8.4 Atlassian Jira versions 7.9.0 through 7.9.2 Atlassian Jira versions 7.10.0 through 7.10.2 Atlassian Jira versions 7.11.0 through 7.11.2 Atlassian Jira versions 7.12.0 through 7.12.2 Atlassian Jira versions 7.13.0

Description The VerifyPopServerConnection resource in Atlassian Jira allows remote attackers with administrator rights to determine the existence of internal hosts and open ports, and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability.

Recommendations For Atlassian Jira versions 7.6.9 and earlier, update to version 7.6.10 or later. For Atlassian Jira versions 7.7.0 through 7.7.4, update to version 7.7.5 or later. For Atlassian Jira versions 7.8.0 through 7.8.4, update to version 7.8.5 or later. For Atlassian Jira versions 7.9.0 through 7.9.2, update to version 7.9.3 or later. For Atlassian Jira versions 7.10.0 through 7.10.2, update to version 7.10.3 or later. For Atlassian Jira versions 7.11.0 through 7.11.2, update to version 7.11.3 or later. For Atlassian Jira versions 7.12.0 through 7.12.2, update to version 7.12.3 or later. For Atlassian Jira versions 7.13.0, update to version 7.13.1 or later.