Description

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Remediation

References

CVE-2017-5983

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1615)

WordPress Plugin My Link Order Cross-Site Scripting (4.3)

WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) Cross-Site Request Forgery (2.0.2)

osCommerce Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-18572)

WordPress Plugin Clean Login Unspecified Vulnerability (1.8)

Severity

Critical

Classification

CVE-2017-5983 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities