-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 8.22.4, 9.0.0
-
8.22
-
13
-
Severity 3 - Minor
Issue Summary
This is reproducible on Data Center: yes
- The current version of Tomcat 8.5.72 bundled with JIRA 8.22 and Tomcat 9.0.61 bundled with Jira 9 are vulnerable to CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305
Steps to Reproduce
- –
Expected Results
–
Actual Results
–
Workaround
Manually updating Tomcat would be a valid workaround, however checking Tomcat download link we can see that latest available versions are:
- For Tomcat 8, 8.5.81 http://archive.apache.org/dist/tomcat/tomcat-8/
- For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/
So, not even Tomcat has release a version that has the fix for this CVE, looks like this vulnerability is currently undergoing analysis.
Opening a ticket to keep track of it on our side.
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-