[JRASERVER-71833] SQL Injection in Jira Software Server [Integration for HipChat] - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.14.0
Affects Version/s: 8.13.1
Component/s: None
Labels:

CVSS Score:
5.9
CVSS Severity:
Medium

Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin.

Affected versions:

versions < 8.14.0

Fixed versions:

8.14.0

The plugin is no longer installed in new versions of Jira. However, the removal of the plugin was not back-ported to an LTS release. Therefore, as a workaround, we recommend disabling the plugin.

is detailed by: VULN-169791 Failed to load

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.14.0
Affects Version/s: 8.13.1
Component/s: None
Labels:

CVSS Score:
5.9
CVSS Severity:
Medium

Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin.

Affected versions:

versions < 8.14.0

Fixed versions:

8.14.0

The plugin is no longer installed in new versions of Jira. However, the removal of the plugin was not back-ported to an LTS release. Therefore, as a workaround, we recommend disabling the plugin.

is detailed by: VULN-169791 Loading...

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 23/Nov/2020 4:53 AM

Updated:: 06/Sep/2023 12:25 PM

Resolved:: 24/Nov/2020 3:06 PM

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 23/Nov/2020 4:53 AM

Updated:: 06/Sep/2023 12:25 PM

Resolved:: 24/Nov/2020 3:06 PM

Details

Description

Attachments

Issue Links

Forms

Activity