CVE-2023-44384

Name of the Vulnerable Software and Affected Versions Discourse-jira (affected versions not specified)

Description The issue is related to the implementation of the Discourse-jira plugin, which allows for the synchronization of Jira projects, issue types, fields, and field options. An administrator user can perform a Server-Side Request Forgery (SSRF) attack by setting the Jira URL to an arbitrary location and enabling the discourse jira verbose log site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.