Rule Category

Alert Message

Rule Explanation

This event its generated when a server side request forgery attempt is made on the /plugins/servlet/gadgets/makeRequest resource in Jira. Impact: Web Application Attack Details: This rule detects the use of an '@' symbol in the URL parameter of the /plugins/servlet/gadgets/makeRequest resource in Jira, which circumvents the URL whitelist check. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives


MITRE ATT&CK Framework



For reference, see the MITRE ATT&CK vulnerability types here:

Additional Links

CVE Additional Information