Description

This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions of JIRA. These vulnerabilities affect all versions of JIRA up to and including 5.1.4.

  • Issue 1: File Overwrite Vulnerability

Remediation

Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.

References

JIRA Security Advisory 2013-02-21

Related Vulnerabilities

Yii debug mode enabled

Unrestricted access to Prometheus

IBM WebSphere administration console weak password

Gitlab user disclosure

WordPress Plugin Insert Pages Directory Traversal (3.2.3)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Configuration Arbitrary File Creation