JRASERVER-21004

XSS and Privilege Escalation Vulnerabilities in JIRA


      We have identified and fixed vulnerabilities in JIRA that allow an attacker to carry out XSS (cross-site scripting) attacks and/or obtain escalated account privileges, potentially gaining access to the file system. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-04-16.

      This patch supersedes both JRA-20994 and JRA-20995, with additional fixes and protection for your JIRA instance.

      We strongly recommend that all customers apply the attached patch immediately to address these vulnerabilities, even if you have already applied JRA-20994 and JRA-20995.

      Before applying the patch, please refer to the following documents, in this order:


            bbaker ɹǝʞɐq pɐɹq