Rule Category

Alert Message

Rule Explanation

This event is generated when a server-side request forgery attempt is made on the /plugins/servlet/gadgets/makeRequest resource in Jira.

Impact: Web Application Attack

Details: This rule detects the use of an '@' symbol in the URL parameter of the /plugins/servlet/gadgets/makeRequest resource in Jira, which circumvents the URL whitelist check.

Ease of Attack:

What To Look For
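
A log-side counterpart to this rule, as an added example that is not part of the original rule documentation or the rule itself: it flags web access-log entries whose makeRequest `url` parameter contains an '@', whether literal or percent-encoded. The combined log format, the `/jira` context path, and all hosts and addresses are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

MAKE_REQUEST_PATH = "/plugins/servlet/gadgets/makeRequest"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def url_param_has_at(request_target):
    """True when the target is makeRequest and its url parameter contains '@'."""
    parts = urlsplit(request_target)
    # endswith() tolerates a deployment context path such as /jira (assumed).
    if not parts.path.rstrip("/").endswith(MAKE_REQUEST_PATH):
        return False
    # parse_qs percent-decodes once, so %40 is caught as well as a literal '@'.
    values = parse_qs(parts.query, keep_blank_values=True).get("url", [])
    return any("@" in value for value in values)

def flag_lines(lines):
    """Return (line_number, request_target) for every log line to review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and url_param_has_at(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample entries; hosts and addresses are reserved documentation values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /plugins/servlet/gadgets/'
    'makeRequest?url=https://jira.example.test/rest/api/2/serverInfo HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /plugins/servlet/gadgets/'
    'makeRequest?url=https://jira.example.test@internal.example.test/ HTTP/1.1" 200 120',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /jira/plugins/servlet/gadgets/'
    'makeRequest?url=https%3A%2F%2Fjira.example.test%40internal.example.test%2F '
    'HTTP/1.1" 200 120',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /secure/Dashboard.jspa'
    '?user=a@example.test HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Like the rule description, the check matches an '@' anywhere in the `url` value, so each hit should be reviewed against the host the gadget was expected to fetch.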

Known Usage

No public information

False Positives

No known false positives

Contributors

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

Additional Links

CVE Additional Information