Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 5.1.5, 5.2-m05
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

We have identified and fixed a vulnerability in JIRA's SOAP API that allows an attacker who has a valid JIRA account to overwrite any files that are writeable by the OS user JIRA runs under. This may result in the attacker being able to execute arbitrary Java code in the context of JIRA server.

All versions of JIRA up to and including 5.1.4 are affected by this vulnerability. The vulnerability is fixed in JIRA 5.1.5 and later

For more details see advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2013-02-21

Patches

Version	File
5.0.7	patch-JRA-29786-5.0.7.zip
5.1.4	patch-JRA-29786-5.1.4.zip

Attachments

Issue Links

relates to

JRACLOUD-29786 File overwrite via SOAP API

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Wiki Page Loading...; Page Loading...; Page Loading...; Wiki Page Loading...

(11 mentioned in)

Activity

People

Assignee:: ChrisA

Reporter:: Eric Dalgliesh

Votes:: 0 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 19/Sep/2012 5:55 AM

Updated:: 04/Feb/2021 12:03 AM

Resolved:: 21/Feb/2013 11:46 PM