Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-22493

Patches for XSS / XSRF vulnerabilities

    XMLWordPrintable

Details

    Description

      We have identified and fixed vulnerabilities in JIRA 4.2 which will allow an attacker to invoke XSS (Cross Site Scripting) attacks and/or Cross Site Request Forgery (XSRF) attacks. Full details of the severity, risks and vulnerabilities can be found in the JIRA Security Advisory 2010-11-06.

      The patches below should be applied. Please note that all Studio instances are not vulnerable at the time of this disclosure.

      Note these patches are cumulative and include the fixes that were applied in JRA-21004,

      Patches

      Version File
      3.13.5 patch-JRA-22493-3.13.5.zip
      4.0.2 patch-JRA-22493-4.0.2.zip
      4.1.2 patch-JRA-22493-4.1.2.zip
      4.2 patch-JRA22493-4.2.zip

      Attachments

        Issue Links

          was cloned as

          Bug - A problem which impairs or prevents the functions of the product. JRASERVER-22545 Source Patches for XSS/XSRF vulnerabilities

          • Low - Low priority issues
          • Closed

          Activity

            People

              pleschev Peter Leschev
              jwinters tier-0 grump
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: