-
Public Security Vulnerability
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
8.22.0, 8.20.5, 8.13.18
-
7.5
-
High
Affected versions of Atlassian Jira Service Server and Data Center allow an unauthenticated attacker to perform a denial of service attack against services that use the apache-commons-compress package.
The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.6, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0.
Affected versions:
- version < 8.13.19
- 8.14.0 β€ version < 8.20.6
- 8.21.0 β€ version < 8.22.1
- 8.23.0 β€ version < 9.0.0
Fixed versions:
- 8.13.19
- 8.20.6
- 8.22.1
- 9.0.0
[JRASERVER-73304] Denial of service attacks due to use of vulnerable version of apache-commons-compress package
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 7.5 => High severity
Exploitability Metrics
| Attack Vector | Network |
|---|---|
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
Scope Metric
| Scope | Unchanged |
|---|
Impact Metrics
| Confidentiality | None |
|---|---|
| Integrity | None |
| Availability | High |
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Is there a CVE ID available for this vulnerability ?