This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions of JIRA. These vulnerabilities affect all versions of JIRA up to and including 6.1.3.
- Issue 1: Path traversal in JIRA Issue Collector plugin (Windows only)
- Issue 2: Path traversal in JIRA Importers plugin (Windows only)
- Issue 3: Privilege escalation

Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.
