NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-35797

      We have identified and fixed a vulnerability in JIRA which allowed unauthenticated attackers to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to the JIRA web interface.

      The vulnerability affects all supported versions of JIRA up to and including 6.1.3. It has been fixed in 6.1.4.

      For more information, see our security advisory: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26

      Patches are available at:

      JIRA 4.4.5: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-4.4.5-20140303.zip
      JIRA 5.0.7: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.0.7-20140303.zip
      JIRA 5.1.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.1.8.zip
      JIRA 5.2.11: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.2.11-20140303.zip
      JIRA 6.0.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-6.0.8.zip

            [JRASERVER-35797] Privilege escalation

            Rachel Robins made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 102378 ]
            Owen made changes -
            Workflow Original: JAC Bug Workflow v2 [ 2841741 ] New: JAC Bug Workflow v3 [ 2926965 ]
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573616 ] New: JAC Bug Workflow v2 [ 2841741 ]
            Status Original: Closed [ 6 ] New: Resolved [ 5 ]
            Ignat (Inactive) made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 - Restricted [ 1543059 ] New: JIRA Bug Workflow w Kanban v7 - Restricted [ 2573616 ]
            jonah (Inactive) made changes -
            Description: added the {panel} note "This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report" (http://jira.atlassian.com/browse/JRACLOUD-35797) above the existing text, which is otherwise unchanged and links the security advisory at https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26.
            jonah (Inactive) made changes -
            Link New: This issue relates to JRACLOUD-35797 [ JRACLOUD-35797 ]
            Owen made changes -
            Workflow Original: JIRA Bug Workflow w Kanban v6 [ 679851 ] New: JIRA Bug Workflow w Kanban v6 - Restricted [ 1543059 ]
            Tony Starr made changes -
            Remote Link Original: This issue links to "Page (Atlassian Documentation)" [ 128727 ] New: This issue links to "Page (Atlassian Documentation)" [ 128727 ]

              Unassigned Unassigned
              rbattaglin Renan Battaglin