PT-2021-8571 · Atlassian · Jira

Published: 2021-08-02 · Updated: 2024-10-17 · CVE-2017-18113

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jira Server and Jira Data Center versions prior to 8.18.1

Description: The issue allows a remote attacker to execute arbitrary code on the Jira server by tricking a system administrator into importing a malicious workflow (hence the User Interaction: Required component of the vector). Workflow definitions can reference arbitrary OSWorkflow classes as conditions, validators, post-functions and registers, and several classes shipped with the OSWorkflow library and other Jira dependencies are unsafe when driven by attacker-controlled workflow XML. The fix in 8.18.1 blocks the use of those unsafe OSWorkflow conditions, validators, functions and registers. Atlassian-made functions and functions provided by third-party plugins are not blocked by this fix, so a workflow that relies only on them continues to import and run as before.

Recommendations: For versions prior to 8.18.1, update to version 8.18.1 or later to resolve the issue. Until the update is applied, import workflows only from trusted sources, and treat any workflow XML received from outside as executable code: review its function, condition, validator and register definitions (in particular the class.name they load and any inline script they carry) before importing it.
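As an added example (not code from this advisory or from Atlassian), the script below performs the kind of pre-import review the workaround calls for. It parses a workflow descriptor in OSWorkflow XML format and flags every function, condition, validator or register that either loads a class outside a trusted package prefix or uses a provider type other than class (for instance an inline script). The element names and the class.name / script argument names follow the OSWorkflow descriptor format; the trusted-prefix list, the class name com.example.untrusted.RunCommandFunction and the sample descriptor are constructed for this example and are not taken from the advisory.

```python
"""Pre-import audit of a Jira/OSWorkflow workflow XML descriptor.

Added example, not Atlassian code. Lists every element of a workflow
descriptor that will make the engine load a class or run a script, and
flags those whose implementing class is outside a trusted package prefix.
"""
import xml.etree.ElementTree as ET

# OSWorkflow descriptor elements that reference an executable provider
# (assumption: element names as used in the OSWorkflow descriptor format).
CODE_ELEMENTS = frozenset({"function", "condition", "validator", "register"})

# Package prefixes treated as trusted. Assumption for this example: only
# Atlassian's own classes; extend it with the packages of plugins you have
# vetted on your instance.
TRUSTED_PREFIXES = ("com.atlassian.",)


def audit_workflow(xml_text: str, trusted_prefixes=TRUSTED_PREFIXES):
    """Return a list of (element, provider_type, detail) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        if elem.tag not in CODE_ELEMENTS:
            continue
        provider_type = elem.get("type", "")
        # <arg name="...">value</arg> children carry the provider parameters.
        args = {a.get("name"): (a.text or "").strip() for a in elem.findall("arg")}
        if provider_type == "class":
            class_name = args.get("class.name", "")
            if not class_name.startswith(trusted_prefixes):
                findings.append((elem.tag, provider_type, class_name))
        else:
            # Any other provider type runs code supplied inline by the
            # workflow author, so it is always reported.
            findings.append((elem.tag, provider_type, args.get("script", "")))
    return findings


# Constructed sample descriptor: one Atlassian post-function (trusted),
# one class from an untrusted package, and one inline-script function.
SAMPLE_WORKFLOW = """<workflow>
  <initial-actions>
    <action id="1" name="Create">
      <results>
        <unconditional-result old-status="Finished" status="Open" step="1">
          <post-functions>
            <function type="class">
              <arg name="class.name">com.atlassian.jira.workflow.function.issue.IssueCreateFunction</arg>
            </function>
            <function type="class">
              <arg name="class.name">com.example.untrusted.RunCommandFunction</arg>
            </function>
            <function type="beanshell">
              <arg name="script">1 + 1</arg>
            </function>
          </post-functions>
        </unconditional-result>
      </results>
    </action>
  </initial-actions>
  <steps>
    <step id="1" name="Open"/>
  </steps>
</workflow>
"""

if __name__ == "__main__":
    for tag, kind, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"FLAG <{tag} type={kind}>: {detail}")
```

The script is a triage aid for the workaround period, not a substitute for the 8.18.1 fix: it tells the reviewer which elements of an incoming workflow would load code and from where, and an empty result means only that every referenced class sits under a prefix you chose to trust. Run it against a workflow XML export before importing it through the administration UI.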

Fix · RCE · Code Injection

Related Identifiers: CVE-2017-18113
Affected Products: Jira