Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-21004

XSS and Privilege Escalation Vulnerabilities in JIRA

XMLWordPrintable

      We have identified and fixed vulnerabilities in JIRA which will allow an attacker to invoke XSS (Cross Site Scripting) attacks and/or obtain escalated account privileges potentially gaining access to the file system. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-04-16.

      This patch supercedes both JRA-20994 and JRA-20995 with additional fixes and protection for your JIRA instance.

      We strongly recommend that all customers apply the attached patch immediately to address these vulnerabilities, even if you have already applied JRA-20994 and JRA-20995.

      Before applying the patch, please refer to the following documents, in this order:

      Patches

        1. SysInfoPatch.png
          22 kB
          Bogdan Dziedzic [Atlassian]

              Unassigned Unassigned
              bbaker ɹǝʞɐq pɐɹq
              Votes:
              0 Vote for this issue
              Watchers:
              21 Start watching this issue

                Created:
                Updated:
                Resolved: