[JRASERVER-67107] Missing authentication checks in various administrative system import resources - CVE-2017-18101 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 7.9.0, 7.6.6, 7.7.4, 7.8.4
Affects Version/s: 7.6.0, 7.7.0, 7.8.0
Component/s: Backup & Restore (non-migration)
Labels:

Fixed in Long Term Support Release/s:

Download 7.6
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.

mentioned in: Page Failed to load

set-jac-bot made changes - 22/May/2020 8:25 AM

Fixed in Enterprise Release/s

New: [Download 7.6|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Bugfix Automation Bot made changes - 28/Mar/2019 12:24 AM

Minimum Version

New: 7.06

Andy Nguyen (Inactive) made changes - 19/Nov/2018 8:49 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 399092 ]

Owen made changes - 16/Oct/2018 12:55 AM

Workflow	Original: JAC Bug Workflow v2 [ 2835668 ]	New: JAC Bug Workflow v3 [ 2925352 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 25/Sep/2018 4:16 AM

Symptom Severity

Original: Major [ 14431 ]

New: Severity 2 - Major [ 15831 ]

Owen made changes - 25/Sep/2018 12:32 AM

Workflow	Original: JIRA Bug Workflow w Kanban v7 - Restricted [ 2655234 ]	New: JAC Bug Workflow v2 [ 2835668 ]
Status	Original: Closed [ 6 ]	New: Resolved [ 5 ]

Kamil Kolonko made changes - 07/May/2018 1:52 PM

Fix Version/s		New: 7.6.6 [ 79690 ]
Fix Version/s		New: 7.7.4 [ 79791 ]
Fix Version/s		New: 7.8.4 [ 79794 ]
Fix Version/s	Original: 7.7.3 [ 78309 ]
Fix Version/s	Original: 7.6.5 [ 78515 ]
Fix Version/s	Original: 7.8.3 [ 78793 ]

David Black made changes - 10/Apr/2018 3:49 AM

Summary

Original: Sanitised security issue 3e877d88a962d70e7ea481ff77cf780e723bc8e4d8a055be2dcf754aa68b4ed4

New: Missing authentication checks in various administrative system import resources - CVE-2017-18101

David Black made changes - 10/Apr/2018 3:48 AM

Labels

Original: advisory advisory-released authentication basm bugbounty cvss-medium improper-authentication pse-request security triaged

New: CVE-2017-18101 advisory advisory-released authentication basm bugbounty cvss-medium improper-authentication pse-request security triaged

David Black made changes - 10/Apr/2018 3:45 AM

Labels

Original: advisory advisory-to-release authentication basm bugbounty cvss-medium improper-authentication pse-request security triaged

New: advisory advisory-released authentication basm bugbounty cvss-medium improper-authentication pse-request security triaged

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 10/Apr/2018 3:28 AM

Updated:: 22/May/2020 8:25 AM

Resolved:: 10/Apr/2018 3:28 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[JRASERVER-67107] Missing authentication checks in various administrative system import resources - CVE-2017-18101

People

Dates