Description

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

Remediation

References

CVE-2017-18101

Related Vulnerabilities

phpMyFAQ Other Vulnerability (CVE-2006-6913)

WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5732)

Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)

MySQL CVE-2020-14868 Vulnerability (CVE-2020-14868)

Severity

Medium

Classification

CVE-2017-18101 CWE-862

Tags

Missing Update Known Vulnerabilities