Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.1.1
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

We have identified and fixed 2 open redirect vulnerabilities that affect JIRA instances, including publicly available instances (that is, Internet-facing servers).

Parameter-based redirection vulnerabilities allow an attacker to craft a JIRA URL in such a way that a user clicking on this URL will be redirected to a different web site. This can be used for phishing.

These vulnerabilities affect JIRA 4.3.3 and above, and have been fixed in JIRA 5.1.1.

More information is available in the advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-08-28

Attachments

Issue Links

relates to

JRACLOUD-29400 Open Redirect vulnerabilities

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...

(9 mentioned in)

Activity

People

Assignee:: VitalyA

Reporter:: VitalyA

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/Aug/2012 3:56 AM

Updated:: 04/Feb/2021 12:04 AM

Resolved:: 20/Aug/2012 3:57 AM