WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1165)

Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37147)

WordPress Plugin Restricted Site Access Security Bypass (7.3.1)

MySQL Other Vulnerability (CVE-1999-1188)

Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3249)

Grafana Improper Authentication Vulnerability (CVE-2021-28148)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities