[JRASERVER-70407] Jira on Windows was vulnerable to DLL hijacking - CVE-2019-20400 - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Low
Resolution: Fixed
Affects Version/s: 8.3.2
Fix Version/s: 8.5.2, 8.6.0
Component/s: Data Center - Installer, Installation
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
8.03
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.

Acknowledgment

We would like to thank Peleg Hadar of SafeBreach Labs for reporting this vulnerability.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Dec/2019 3:19 AM

Updated:: 22/May/2020 8:23 AM

Resolved:: 17/Dec/2019 3:20 AM