-
Bug
-
Resolution: Fixed
-
Highest (View bug fix roadmap)
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
We have identified and fixed a vulnerability in JIRA's SOAP API that allows an attacker who has a valid JIRA account to overwrite any files that are writeable by the OS user JIRA runs under. This may result in the attacker being able to execute arbitrary Java code in the context of JIRA server.
All versions of JIRA up to and including 5.1.4 are affected by this vulnerability. The vulnerability is fixed in JIRA 5.1.5 and later
For more details see advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2013-02-21
Patches
| Version | File |
|---|---|
| 5.0.7 | patch-JRA-29786-5.0.7.zip |
| 5.1.4 | patch-JRA-29786-5.1.4.zip |
- relates to
-
-
- Closed
-
- mentioned in
-
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page")
Page
No Confluence page found with the given URL.
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|