Details
-
Bug
-
Resolution: Fixed
-
Low
-
9.0.0, 8.22.4
-
8.22
-
13
-
Severity 3 - Minor
-
Description
Issue Summary
This is reproducible on Data Center: yes
- The current version of Tomcat 8.5.72 bundled with JIRA 8.22 and Tomcat 9.0.61 bundled with Jira 9 are vulnerable to CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305
Steps to Reproduce
- –
Expected Results
–
Actual Results
–
Workaround
Manually updating Tomcat would be a valid workaround, however checking Tomcat download link we can see that latest available versions are:
- For Tomcat 8, 8.5.81 http://archive.apache.org/dist/tomcat/tomcat-8/
- For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/
So, not even Tomcat has release a version that has the fix for this CVE, looks like this vulnerability is currently undergoing analysis.
Opening a ticket to keep track of it on our side.
Attachments
Issue Links
- mentioned in
-
Page Loading...
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-