JIRA Security Advisory 2013-02-21

Description

This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions of JIRA. These vulnerabilities affect all versions of JIRA up to and including 5.1.4.

Issue 1: File Overwrite Vulnerability

Remediation

Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.

References

JIRA Security Advisory 2013-02-21

Related Vulnerabilities

TRACE/TRACK Method Detected

GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability

WordPress Plugin Consulting Elementor Widgets Local File Inclusion (1.3.0)

WordPress Plugin Thinkun Remind 'dirPath' Parameter Information Disclosure (1.1.3)

Consul API publicly exposed

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N