Details

    • Type: Bug
    • Status: Closed
    • Priority: Low
    • Resolution: Answered
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      This applies to all Atlassian products that may use the commons collections:
      There is a longstanding, unpatched unserialize vulnerability in the commons-collections Java library that allows remote code execution. More details here: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thevulnerability

      Only JIRA instances with a Data Center license are vulnerable through ehcache RMI, which is used for clustering, and by default listens on port 40001. Ensure that you only permit cluster nodes to connect to a JIRA Data Center instance's ehcache RMI port through the use of a firewall and/or network segregation.
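
One way to express the restriction described above on a Linux node, as an added example that is not part of the original issue or Atlassian's tooling: it prints iptables rules that admit only the listed cluster nodes to the ehcache RMI port, and flags a wildcard bind on that port in `ss -tln` output. The node addresses and the `ss` sample are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not Atlassian's code). Assumes a Linux node with iptables and ss.
EHCACHE_RMI_PORT=40001                   # default port named in the description
CLUSTER_NODES="192.0.2.11 192.0.2.12"    # constructed sample peer addresses
# Constructed sample of `ss -tln` output (header line omitted).
SAMPLE_SS='LISTEN 0 50  0.0.0.0:40001   0.0.0.0:*
LISTEN 0 100 192.0.2.10:8080 0.0.0.0:*'

# Succeeds only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# Usage: ehcache_rmi_rules PORT NODE_IP...
# Validates everything first, then prints one ACCEPT per node and a final DROP.
ehcache_rmi_rules() (
  port=$1
  case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; exit 2 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; exit 2; }
  shift
  [ $# -gt 0 ] || { echo "no cluster nodes given" >&2; exit 2; }
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "bad node address: $ip" >&2; exit 2; }
  done
  for ip in "$@"; do
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$ip" "$port"
  done
  printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
)

# Reads `ss -tln` output on stdin; prints listeners on PORT bound to all interfaces.
wildcard_listeners() {
  awk -v p="$1" '$1 == "LISTEN" {
    n = split($4, a, ":"); addr = substr($4, 1, length($4) - length(a[n]) - 1)
    if (a[n] == p && (addr == "0.0.0.0" || addr == "*" || addr == "[::]")) print $4
  }'
}

# Print the rule set for review; nothing is applied to the running firewall.
ehcache_rmi_rules "$EHCACHE_RMI_PORT" $CLUSTER_NODES
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners "$EHCACHE_RMI_PORT"
```

Because the rules use `-A`, they are appended after anything already in the INPUT chain, so check that no earlier rule accepts the port before relying on them.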

              People

              • Assignee: Unassigned
              • Reporter: it601 CK IT
              • Votes: 8
              • Watchers: 46