Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-35797

Privilege escalation

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      We have identified and fixed a vulnerability in JIRA which allowed unauthenticated attackers to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.

      The vulnerability affects all supported versions of JIRA up to and including 6.1.3. It has been fixed in 6.1.4.

      For more information, see our security advisory.

      Patches are available at

      JIRA 4.4.5: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-4.4.5-20140303.zip
      JIRA 5.0.7: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.0.7-20140303.zip
      JIRA 5.1.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.1.8.zip
      JIRA 5.2.11: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.2.11-20140303.zip
      JIRA 6.0.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-6.0.8.zip

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              rbattaglin Renan Battaglin
              Votes:
              0 Vote for this issue
              Watchers:
              32 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: