JIRA Security Advisory 2014-02-26

Description

This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions of JIRA. These vulnerabilities affect all versions of JIRA up to and including 6.1.3.

Issue 1: Path traversal in JIRA Issue Collector plugin (Windows only)
Issue 2: Path traversal in JIRA Importers plugin (Windows only)
Issue 3: Privilege escalation

Remediation

Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.

References

JIRA Security Advisory 2014-02-26

Related Vulnerabilities

WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Directory Traversal (1.0.25)

WordPress Plugin Chat Room Directory Traversal (0.1.2)

WordPress Plugin WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-2643)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N