- Bug
- Resolution: Fixed
- Highest
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
We have identified and fixed a vulnerability in JIRA's SOAP API that allows an attacker who has a valid JIRA account to overwrite any files that are writeable by the OS user JIRA runs under. This may result in the attacker being able to execute arbitrary Java code in the context of the JIRA server.
All versions of JIRA up to and including 5.1.4 are affected by this vulnerability. The vulnerability is fixed in JIRA 5.1.5 and later.
For more details, see the advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2013-02-21
Patches
Version | File |
---|---|
5.0.7 | patch-JRA-29786-5.0.7.zip |
5.1.4 | patch-JRA-29786-5.1.4.zip |
- relates to: JRACLOUD-29786 File overwrite via SOAP API (Closed)