[JRASERVER-27719] XML Vulnerability in JIRA

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 5.0.1
Affects Version/s: 5.0
Component/s: None
Labels:

Introduced in Version:
5
Bug Fix Policy:
View Atlassian Server bug fix policy

We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server.

All versions of JIRA up to and including 5.0.0 are affected.

Full details of the severity, risks and vulnerability can be found in the JIRA Security Advisory 2012-05-17.

mentioned in: JIRA Security Advisory 2012-05-17; JIRA Security Advisory 2012-05-17; Page No Confluence page found with the given URL.; JIRA Security Advisory 2012-05-17; JIRA Security Advisory 2012-05-17; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Page Loading...; Wiki Page Loading...

(8 mentioned in)

VitalyA added a comment - 07/May/2012 1:04 AM

For patches and instructions, please see the advisory (link above).

VitalyA added a comment - 07/May/2012 1:04 AM For patches and instructions, please see the advisory (link above).

Assignee:: VitalyA

Reporter:: Andrew

Affected customers:: 0 This affects my team

Watchers:: 4 Start watching this issue

Created:: 30/Mar/2012 3:47 AM

Updated:: 03/Feb/2021 11:51 PM

Resolved:: 17/May/2012 5:22 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: VitalyA added a comment - 07/May/2012 1:04 AM

Expand comment: VitalyA added a comment - 07/May/2012 1:04 AM

People

Dates