We have identified and fixed vulnerabilities in JIRA that allow an attacker to carry out XSS (cross-site scripting) attacks and/or obtain escalated account privileges, potentially gaining access to the file system. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-04-16.
Before applying the patch, please refer to the following documents, in this order:
- How do I determine if my JIRA instance has already been compromised?
- JIRA Security Advisory 2010-04-16
- Instructions for protecting your publicly-facing JIRA instance