Uploaded image for project: 'Jira Cloud'
  1. Jira Cloud
  2. JRACLOUD-36442

Path traversal in JIRA Issue Collector plugin (Windows only)

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report.

      We have identified and fixed a vulnerability in JIRA which allowed unauthenticated users to create files in any valid directory inside JIRA install. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.

      This issue only affects JIRA servers running on Windows OS. It is not exploitable on Linux and OSX systems.

      The vulnerability affects all supported versions of JIRA up to and including 6.0.3. It has been fixed in 6.0.4.

      For more information, see our security advisory.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-36442 Path traversal in JIRA Issue Collector plugin (Windows only)

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              rbattaglin Renan Battaglin
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: