Description
This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions. These vulnerabilities affect all versions of JIRA up to and including 6.1.3.
- Issue 1: Path traversal in JIRA Issue Collector plugin (Windows only)
- Issue 2: Path traversal in JIRA Importers plugin (Windows only)
- Issue 3: Privilege escalation
Remediation
Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.