Description

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Remediation

References

CVE-2017-5983

Related Vulnerabilities

WordPress Plugin WP Customer Area Cross-Site Scripting (7.4.2)

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

MySQL CVE-2022-21356 Vulnerability (CVE-2022-21356)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)

WordPress Plugin Membership & Content Restriction-Paid Member Subscriptions Multiple Unspecified Vulnerabilities (1.4.0)

Severity

Critical

Classification

CVE-2017-5983 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities