[JRASERVER-23842] JIRA 4.1.2 Patch for JIRA Security Advisory 2011-02-21 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Deployed
Priority: Highest (View bug fix roadmap)
Fix Version/s: Bugfix Release
Affects Version/s: 4.1.2
Component/s: None
Labels:
- affects-server

Introduced in Version:
4.01
Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a parameter based redirection vulnerability in JIRA 4.1.2 which could allow an attacker to redirect requests. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2011-02-21.

The patch below should be applied. Please note that all Studio instances are not vulnerable at the time of this disclosure.

Note this patch is cumulative and includes the fixes that were applied in ~~JRA-22493~~,

Patch

Version	File
4.1.2	patch-JRA-23842-4.1.2-a.zip

Instructions on how to apply the patch are included in the zip file

Assignee:: VitalyA

Reporter:: Peter Leschev

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 03/Mar/2011 3:06 AM

Updated:: 28/Mar/2019 12:01 AM

Resolved:: 23/Mar/2011 5:52 PM

Details

Description

Patch

Attachments

Forms

Activity

People

Dates