CVE-2019-20408

Name of the Vulnerable Software and Affected Versions Jira versions prior to 8.7.0

Description The issue allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. This is related to the /plugins/servlet/gadgets/makeRequest resource.

Recommendations For versions prior to 8.7.0, update to version 8.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /plugins/servlet/gadgets/makeRequest resource until a patch is applied.