-
Bug
-
Resolution: Fixed
-
Highest (View bug fix roadmap)
-
None
We have identified and fixed vulnerabilities in JIRA which will allow an attacker to invoke XSS (Cross Site Scripting) attacks and/or obtain escalated account privileges potentially gaining access to the file system. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-04-16.
This patch supercedes both JRA-20994 and JRA-20995 with additional fixes and protection for your JIRA instance.
Before applying the patch, please refer to the following documents, in this order:
- How do I determine if my JIRA instance has already been compromised?
- JIRA Security Advisory 2010-04-16
- Instructions for protecting your publicly-facing JIRA instance
Patches
| Version | File |
|---|---|
| 4.1 | patch-JRA-21004-4.1.zip |
| 4.0.2 | patch-JRA-21004-4.0.2.zip |
| 4.0.1 | patch-JRA-21004-4.0.1.zip |
| 4.0 | patch-JRA-21004-4.0.zip |
| 3.13.5 | patch-JRA-21004-3.13.5.zip |
| 3.13.4 | patch-JRA-21004-3.13.4.zip |
| 3.13.3 | patch-JRA-21004-3.13.3.zip |
| 3.13.2 | patch-JRA-21004-3.13.2.zip |
| 3.13.1 | patch-JRA-21004-3.13.1.zip |
| 3.13 | patch-JRA-21004-3.13.zip |
| 3.12.3 | patch-JRA-21004-3.12.3.zip |
| 3.12.2 | patch-JRA-21004-3.12.2.zip |
| 3.12.1 | patch-JRA-21004-3.12.1.zip |
| 3.12 | patch-JRA-21004-3.12.zip |
- details
-
-
- Closed
-
-
-
- Closed
-
- has a regression in
-
-
- Closed
-
- supersedes
-
-
- Closed
-
-
-
- Closed
-