PT-2017-16807 · Atlassian · Jira+1

Matt Hart · Published 2017-04-10 · Updated 2017-04-15 · CVE-2017-5983

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Atlassian JIRA Server versions prior to 6.3.0

Description: The issue is related to the improper use of an XML parser and deserializer in the JIRA Workflow Designer Plugin. This allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Recommendations: For versions prior to 6.3.0, update to version 6.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the JIRA Workflow Designer Plugin until a patch is applied.
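The advisory gives the affected range as "prior to 6.3.0". The following is an added example (not part of the advisory or of Atlassian's tooling) of how a defender would apply that range across an inventory without the classic pitfall of comparing version strings lexicographically, which would wrongly flag "6.10.1" as older than "6.3.0". It assumes Jira reports its version as a dotted numeric string, optionally followed by a non-numeric build suffix; the hostnames and versions in the sample inventory are constructed.

```python
"""Affected-version check for the advisory's range "prior to 6.3.0".

Added example, not part of the advisory. It assumes Jira Server reports
its version as a dotted numeric string (e.g. "6.2.7"), optionally with a
non-numeric suffix, and compares components numerically so that
"6.10.1" is correctly treated as newer than "6.3.0".
"""
import re

FIXED_VERSION = "6.3.0"  # from the advisory: versions prior to 6.3.0 are affected


def parse_version(version: str) -> tuple:
    """Turn "6.2.7" or "6.2.7-OD-01" into a comparable tuple of ints.

    Only the leading dotted-numeric part is used; anything after the first
    non-numeric component (build/suffix tags) is ignored. Missing trailing
    components are padded with zeros so that "6.3" compares equal to "6.3.0".
    """
    match = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True if the given Jira Server version falls in the affected range."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def triage(inventory: dict) -> list:
    """Return the hosts (sorted) whose reported version is affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostnames and versions are made up for the example.
SAMPLE_INVENTORY = {
    "jira-prod.example.test": "6.2.7",
    "jira-staging.example.test": "6.3.0",
    "jira-legacy.example.test": "6.1.4-OD-01",
    "jira-new.example.test": "6.10.1",  # plain string comparison would wrongly flag this
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected, "
              f"update to {FIXED_VERSION} or later")
```

Running the script lists only the two hosts below 6.3.0; the host on 6.10.1 is correctly left out because components are compared as integers rather than as text.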

Fix · RCE · DoS · Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers: CVE-2017-5983

Affected Products: Jira, Jira Workflow Designer Plugin