The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72025 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-02-22T20:46:59.290734Z
Updated: 2024-09-17T01:22:10.668Z
Reserved: 2021-01-27T00:00:00
Link: CVE-2020-36232
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-22T21:15:19.633
Modified: 2024-11-21T05:29:06.657
Link: CVE-2020-36232
Redhat
No data.