Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-64077

Multiple Vulnerabilities in JIRA Workflow Servlet

    XMLWordPrintable

Details

    Description

      Affected Versions
      4.2.4 <= version < 6.3.0

      An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer was used in JIRA.

      For additional details see the full advisory.

      Attachments

        Issue Links

          Activity

            People

              mhart@atlassian.com Matt Hart
              mhart@atlassian.com Matt Hart
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: