JRASERVER-64077 (Jira Server and Data Center)

Multiple Vulnerabilities in JIRA Workflow Servlet


    Details

      Description

      Affected Versions
      4.2.4 <= version < 6.3.0

      An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could result in remote code execution, the disclosure of private files, or a denial of service against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer were used in JIRA.

      For additional details see the full advisory.


              People

              • Assignee:
                mhart@atlassian.com Matthew Hart
                Reporter:
                mhart@atlassian.com Matthew Hart
              • Votes:
                0
                Watchers:
                14
