Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.0.5
Affects Version/s: None
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

We have identified and fixed a vulnerability in JIRA which allowed unauthenticated users to create files in any valid directory inside JIRA install. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.

This issue only affects JIRA servers running on Windows OS. It is not exploitable on Linux and OSX systems.

The vulnerability affects all supported versions of JIRA up to and including 6.0.4. It has been fixed in 6.0.5.

For more information, see our security advisory.

Attachments

Issue Links

relates to

JRACLOUD-36441 Path traversal in JIRA Importers plugin (Windows only)

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(3 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Renan Battaglin

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Jan/2014 12:41 AM

Updated:: 04/Feb/2021 12:04 AM

Resolved:: 13/Feb/2014 12:56 AM