Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-29786

File overwrite via SOAP API

XMLWordPrintable

      NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.

      We have identified and fixed a vulnerability in JIRA's SOAP API that allows an attacker who has a valid JIRA account to overwrite any files that are writeable by the OS user JIRA runs under. This may result in the attacker being able to execute arbitrary Java code in the context of JIRA server.

      All versions of JIRA up to and including 5.1.4 are affected by this vulnerability. The vulnerability is fixed in JIRA 5.1.5 and later

      For more details see advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2013-02-21

      Patches

              clepetit ChrisA
              edalgliesh Eric Dalgliesh
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated:
                Resolved: