PT-2023-8658 · Atlassian · Jira
Rodrigo Gava · Published 2023-11-07 · Updated 2023-11-15 · CVE-2023-42361
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Better PDF Exporter for Jira Server and Jira Data Center versions 10.3.0 and before
Description
The Better PDF Exporter plugin for Atlassian Jira Server and Data Center performs insufficient server-side request validation. This can be exploited to view arbitrary files, potentially leading to other impacts. Exploitation uses a crafted image during PDF export.
Recommendations
For versions 10.3.0 and before, consider disabling the Better PDF Exporter plugin until a patch is available to prevent exploitation. Restrict access to sensitive files and directories to minimize the risk of arbitrary file viewing.
Fix
SSRF
Affected Products
Jira