-
Bug
-
Resolution: Fixed
-
Highest (View bug fix roadmap)
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
We have identified and fixed a vulnerability in JIRA which allowed unauthenticated attackers to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.
The vulnerability affects all supported versions of JIRA up to and including 6.1.3. It has been fixed in 6.1.4.
For more information, see our security advisory.
Patches are available at
JIRA 4.4.5: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-4.4.5-20140303.zip
JIRA 5.0.7: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.0.7-20140303.zip
JIRA 5.1.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.1.8.zip
JIRA 5.2.11: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-5.2.11-20140303.zip
JIRA 6.0.8: http://downloads.atlassian.com/software/jira/downloads/patch/patch-JRA-35797-6.0.8.zip
- relates to
-
-
- Closed
-
- was cloned as
-
-
- Closed
-
- is cloned from
-
TRUST-36 Failed to load
![[Atlassian Documentation] Page](https://confluence.atlassian.com/images/icons/favicon.png "[Atlassian Documentation] Page"){kind=icon}