Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 9.2.0, 8.13.27, 8.20.14
Affects Version/s: 9.0.0, 8.22.4
Component/s: Security, Tomcat
Labels:

Introduced in Version:
8.22
Support reference count:
13
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

This is reproducible on Data Center: yes

The current version of Tomcat 8.5.72 bundled with JIRA 8.22 and Tomcat 9.0.61 bundled with Jira 9 are vulnerable to CVE-2022-34305 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305

Steps to Reproduce

–

Expected Results

–

Actual Results

–

Workaround

Manually updating Tomcat would be a valid workaround, however checking Tomcat download link we can see that latest available versions are:

For Tomcat 8, 8.5.81 http://archive.apache.org/dist/tomcat/tomcat-8/
For Tomcat 9, 9.0.64 http://archive.apache.org/dist/tomcat/tomcat-9/

So, not even Tomcat has release a version that has the fix for this CVE, looks like this vulnerability is currently undergoing analysis.

Opening a ticket to keep track of it on our side.

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(15 mentioned in)

Assignee:: Karol Skwierawski

Reporter:: Mikaela Teixeira

Votes:: 6 Vote for this issue

Watchers:: 26 Start watching this issue

Created:: 28/Jun/2022 2:48 PM

Updated:: 06/Apr/2023 3:55 PM

Resolved:: 25/Aug/2022 2:35 PM