-
Bug
-
Resolution: Fixed
-
Medium (View bug fix roadmap)
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
We have identified and fixed a vulnerability in JIRA which allowed unauthenticated users to create files in any valid directory inside JIRA install. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.
This issue only affects JIRA servers running on Windows OS. It is not exploitable on Linux and OSX systems.
The vulnerability affects all supported versions of JIRA up to and including 6.0.3. It has been fixed in 6.0.4.
For more information, see our security advisory.
- relates to
-
JRACLOUD-36442 Path traversal in JIRA Issue Collector plugin (Windows only)
-
- Closed
-
- mentioned in
-
Page No Confluence page found with the given URL.
-
Page Loading...
-
Page Loading...
-
Page Loading...
Path traversal in JIRA Issue Collector plugin (Windows only)
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report.
We have identified and fixed a vulnerability in JIRA which allowed unauthenticated users to create files in any valid directory inside JIRA install. In order to exploit this vulnerability, an attacker requires access to JIRA web interface.
This issue only affects JIRA servers running on Windows OS. It is not exploitable on Linux and OSX systems.
The vulnerability affects all supported versions of JIRA up to and including 6.0.3. It has been fixed in 6.0.4.
For more information, see our security advisory.