-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
6.3, 8.6.0, 8.14.0, 8.5.15
-
None
-
Severity 1 - Critical
-
9.8
-
Critical
-
CVE-2020-36239
Issue Summary
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 [0][1][2], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service.
[0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated.
[1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
[2] The default Ehcache port is 40001 but it can be configured to be on a different port, see Installing JIRA Data Center for more details.
Affected versions:
The versions of Jira Data Center, Jira Core Data Center, and Jira Software Data Center affected by this vulnerability are:
- From version 6.3.0 before 8.5.16 (the fixed version for 8.5.x)
- From version 8.6.0 before 8.13.8 (the fixed version for 8.13.x)
- From version 8.14.0 before 8.17.0
The versions of Jira Service Management Data Center affected by this vulnerability are:
- From version 2.0.2 before 4.5.16 (the fixed version for 4.5.x)
- From version 4.6.0 before 4.13.8 (the fixed version for 4.13.x)
- From version 4.14.0 before 4.17.0
Fixed Versions
To address these issues, we have released Jira Data Center, Jira Core Data Center, and Jira Software Data Center:
- 8.5.16 that contains a fix for this issue
- 8.13.8 that contains a fix for this issue
- 8.17.0 that contains a fix for this issue
Jira Service Management Data Center versions:
- 4.5.16 that contains a fix for this issue
- 4.13.8 that contains a fix for this issue
- 4.17.0 that contains a fix for this issue
These versions can be downloaded at:
- Jira Core Server: https://www.atlassian.com/software/jira/core/download
- Jira Software Data Center: https://www.atlassian.com/software/jira/update
- Jira Service Management Data Center: https://www.atlassian.com/software/jira/service-management/update
Additional details
For additional details, see the full advisory: https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
- is related to
-
JSDSERVER-8454 Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
- Published
- relates to
-
PRODSEC-2454 Loading...