SSRF in Discourse-jira plugin via verbose logging
CVE-2023-44384 Published on October 6, 2023

Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.

NVD

Vulnerability Analysis

CVE-2023-44384 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.


Products Associated with CVE-2023-44384

Want to know whenever a new CVE is published for Discourse Jira? stack.watch will email you.

Discourse Jira
 

Affected Versions

discourse-jira Version <= f11be4c is affected by CVE-2023-44384

Exploit Probability

EPSS
0.10%
Percentile
26.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.