[JRASERVER-70945] DLL hijacking in Jira Server & JSD via Tomcat - CVE-2019-20419

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat.

      Affected versions:

      • version < 8.5.5
      • 8.6.0 ≤ version < 8.7.2

      Fixed versions:

      • 8.5.5
      • 8.7.2
      • 8.8.0

            Gertrude Dogendorf added a comment - Hello. Please confirm that removing this vulnerability doesn't require upgrading to 8.8 before upgrading to 8.13.x

            Gonchik Tsymzhitov added a comment - Looks like it's the next iteration of JRASERVER-70407. mdoar2 yes

            Matt Doar added a comment - Windows only, right?

            Security Metrics Bot added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 4.2 => Medium severity

            Exploitability Metrics

            Attack Vector: Local
            Attack Complexity: High
            Privileges Required: Low
            User Interaction: None

            Scope Metric

            Scope: Changed

            Impact Metrics

            Confidentiality: Low
            Integrity: Low
            Availability: None

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
