How severe is CVE-2017-18096?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2017-18096?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2017-18096 - HIGH Severity | CVSS 7.2

Vulnerability Description

The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. When running in an environment like Amazon EC2, this flaw maybe used to access to a metadata resource that provides access credentials and other potentially confidential information.

Related Vulnerabilities

CVE-2015-7570

HIGH

CVSS:7.2(High)

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_...

CWE-9182015

CVE-2017-14585

HIGH

CVSS:7.2(High)

A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 ...

CWE-9182017

CVE-2018-13790

HIGH

CVSS:7.2(High)

A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL f...

CWE-9182018

CVE-2018-20499

HIGH

CVSS:7.2(High)

An issue was discovered in GitLab Community and Enterprise Edition before 11.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows SSRF.

CWE-9182018

CVE-2019-19999

HIGH

CVSS:7.2(High)

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

CWE-9182019

CVE-2019-7892

HIGH

CVSS:7.2(High)

A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipm...

CWE-9182019