CVE-2019-8451

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 18, 2019
Published Date: September 11, 2019
Last Updated: September 16, 2024
Vendor: Atlassian
Product: Jira
Description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Tags

CVSS Scores

CVSS v3.1

6.5 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2.0

6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploit Status

Proof of Concept Available: Yes (added 2019-09-26 05:06:11 UTC) Source

References

https://jira.atlassian.com/browse/JRASERVER-69793

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-04-23 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-8451.yaml	2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

h0ffayyy/Jira-CVE-2019-8451

Type: github • Created: 2019-09-28 01:01:26 UTC • Stars: 6

POC to check for Jira instances vulnerable to CVE-2019-8451

jas502n/CVE-2019-8451

Type: github • Created: 2019-09-26 05:06:11 UTC • Stars: 31

Jira未授权SSRF漏洞

ianxtianxt/CVE-2019-8451

Type: github • Created: 2019-09-24 11:38:20 UTC • Stars: 1

0xbug/CVE-2019-8451

Type: github • Created: 2019-09-16 10:39:40 UTC • Stars: 10

https://jira.atlassian.com/browse/JRASERVER-69793

Timeline

CVE ID Reserved

February 18, 2019
CVE Published to Public

September 11, 2019
Proof of Concept Exploit Available

September 26, 2019
Detected by Nuclei

April 25, 2025
Added to KEVIntel

April 23, 2026