PT-2010-2877 · Atlassian · Jira
Eren Türkay
·
Published
2010-04-20
·
Updated
2017-08-17
·
CVE-2010-1165
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Atlassian JIRA versions 3.12 through 4.1
Description
The issue allows remote authenticated administrators to execute arbitrary code by modifying certain paths and then uploading a file. This has been exploited in the wild.
Recommendations
For versions 3.12 through 4.1, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting file uploads and modifying the attachment, index, and backup paths to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jira