PT-2010-2877 · Atlassian · Jira

Eren Türkay · Published 2010-04-20 · Updated 2017-08-17 · CVE-2010-1165

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Atlassian JIRA versions 3.12 through 4.1

Description

The issue allows remote authenticated administrators to execute arbitrary code by modifying certain paths and then uploading a file. This has been exploited in the wild.

Recommendations

For versions 3.12 through 4.1, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting file uploads and modifying the attachment, index, and backup paths to minimize the risk of exploitation.

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2010-1165

Affected products

Jira