[JRASERVER-70813] DoS in avatar upload via crafted PNG file - CVE-2019-20897 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.5.4, 8.8.0, 8.7.1
Affects Version/s: 7.6.0, 7.13.0, 7.6.15, 8.5.1, 7.13.12
Component/s: User Management - User Profile
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file.

Affected versions

version < 8.5.4
8.6.0 ≤ version ≤ 8.7.0
8.7.0 ≤ version < 8.7.1

Fixed versions

8.5.4
8.7.1
8.8.0

David Black made changes - 19/Nov/2020 5:00 AM

Labels

Original: CVE-2019-20897 advisory advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

New: CVE-2019-20897 advisory advisory-released application-dos bounty cvss-medium denial-of-service monsters security

Dave (Inactive) made changes - 20/Aug/2020 11:59 PM

Fix Version/s

Original: 8.6.2 [ 91193 ]

Dave (Inactive) made changes - 20/Aug/2020 11:55 PM

Description

Original: The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file.

*Affected versions*
* version < 8.5.4
* 8.6.0 ≤ version < 8.6.2
* 8.7.0 ≤ version < 8.7.1

*Fixed versions*
* 8.5.4
* 8.6.2
* 8.7.1
* 8.8.0

New: The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file.

*Affected versions*
* version < 8.5.4
* 8.6.0 ≤ version ≤ 8.7.0
* 8.7.0 ≤ version < 8.7.1

*Fixed versions*
* 8.5.4
* 8.7.1
* 8.8.0

AB made changes - 13/Jul/2020 12:50 AM

Summary

Original: DoS in avatar upload via crafted PNG file

New: DoS in avatar upload via crafted PNG file - CVE-2019-20897

AB made changes - 13/Jul/2020 12:50 AM

Labels

Original: advisory advisory-to-release application-dos bounty cve-in-progress cvss-medium denial-of-service monsters security

New: CVE-2019-20897 advisory advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

AB made changes - 02/Jul/2020 4:00 AM

Labels

Original: advisory advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

New: advisory advisory-to-release application-dos bounty cve-in-progress cvss-medium denial-of-service monsters security

David Black made changes - 01/Jul/2020 12:39 AM

Labels

Original: advisory advisory-released advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

New: advisory advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

David Black made changes - 01/Jul/2020 12:39 AM

Labels

Original: advisory advisory-released application-dos bounty cvss-medium denial-of-service monsters security

New: advisory advisory-released advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

David Black made changes - 01/Jul/2020 12:39 AM

Labels

Original: advisory advisory-to-release application-dos bounty cvss-medium denial-of-service monsters security

New: advisory advisory-released application-dos bounty cvss-medium denial-of-service monsters security

set-jac-bot made changes - 22/May/2020 8:22 AM

Fixed in Enterprise Release/s

New: [Download 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 24/Mar/2020 1:35 AM

Updated:: 19/Nov/2020 5:00 AM

Resolved:: 24/Mar/2020 1:39 AM

Details

Description

Attachments

Forms

Activity

[JRASERVER-70813] DoS in avatar upload via crafted PNG file - CVE-2019-20897

People

Dates