Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-64077

Multiple Vulnerabilities in JIRA Workflow Servlet

    XMLWordPrintable

    Details

      Description

      Affected Versions
      4.2.4 <= version < 6.3.0

      An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer was used in JIRA.

      For additional details see the full advisory.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mhart@atlassian.com Matthew Hart
              Reporter:
              mhart@atlassian.com Matthew Hart
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: