Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-70407

Jira on Windows was vulnerable to DLL hijacking - CVE-2019-20400

    XMLWordPrintable

    Details

      Description

      The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability.

      Acknowledgment

      We would like to thank Peleg Hadar of SafeBreach Labs for reporting this vulnerability.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: