Details
-
Bug
-
Resolution: Fixed
-
Low
-
7.5.0
-
None
-
7.05
-
Severity 2 - Major
-
Description
Summary
The install script for Jira's Azure deployment doesn't properly escape input parameters. If a variable contains a dollar sign, it will be incorrectly evaluated by bash, and the value that ends up in the Jira configuration may not be the value specified by the user.
The install script needs to escape parameters properly so that they are always treated as data, not code.
Environment
Jira Software Data Center on Azure (using the official Azure deployment scripts).
Steps to reproduce
Following the deployment instructions in atlassian-azure-deployment, deploy a cluster with a parameter containing a dollar sign (e.g. the database password).
Expected result
Jira starts up correctly and can access the database (the specified password is output correctly in the dbconfig.xml).
Actual result
The database password in dbconfig.xml does not match the input parameter.
Workaround
Manually update the incorrectly created configuration files (e.g. SSH into each node, and update dbconfig.xml with the proper values).