  1. Jira Server and Data Center
  2. JRASERVER-21004

XSS and Privilege Escalation Vulnerabilities in JIRA


    Details

      Description

      We have identified and fixed vulnerabilities in JIRA that allow an attacker to carry out XSS (cross-site scripting) attacks and/or obtain escalated account privileges, potentially gaining access to the file system. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-04-16.

      This patch supersedes both JRA-20994 and JRA-20995, with additional fixes and protection for your JIRA instance.

      We strongly recommend that all customers apply the attached patch immediately to address these vulnerabilities, even if you have already applied JRA-20994 and JRA-20995.

      Before applying the patch, please refer to the following documents, in this order:

      Patches


              People

              Assignee:
              Unassigned
              Reporter:
              bbaker ɹǝʞɐq pɐɹq