Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

CVE-2010-1165

Related Vulnerabilities

Oracle JRE CVE-2022-21299 Vulnerability (CVE-2022-21299)

WordPress Plugin Page Showcaser Boxes Cross-Site Scripting (1.1)

WordPress Plugin Google Analytics Dashboard Multiple Unspecified Vulnerabilities (2.0.5)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2015-7581)

WordPress Plugin Olevmedia Shortcodes Cross-Site Scripting (1.1.8)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities