Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-75331

Malicious file upload in Jira Server via anonymous sources

    • 5.3
    • Medium

      Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE.

      Files with name start with multPartReq with .tmp filename may be seen in "<JIRA_INSTALL>/work" path location due to this bug.

       
      Affected versions:

      • version < 9.4.0
      • 9.4.0 < version < 9.4.3
      • version <= 8.20.18
      • version <= 8.13.27

      Fixed versions: 

      • 9.4.4
      • 8.20.20
      • 9.5.4

            [JRASERVER-75331] Malicious file upload in Jira Server via anonymous sources

            Yes, this has cleared my confusion. Thank you.

            Amr Hamza (Legacy) added a comment - Yes, this has cleared my confusion. Thank you.

            146dab3de87d Our 9.4 releases are LTS release. Reading this means, 9.4.4 is when this fixed and all releases after but within 9.4.x has the fix. At this point of writing, 9.4.4 until 9.4.7 has the fix. Hope this helps.

            Zul NS [Atlassian] added a comment - 146dab3de87d Our 9.4 releases are LTS release. Reading this means, 9.4.4 is when this fixed and all releases after but within 9.4.x has the fix. At this point of writing, 9.4.4 until 9.4.7 has the fix. Hope this helps.

            Is 9.4.4 the only fix version or is it 9.4.4 and higher? Thanks.

            Amr Hamza (Legacy) added a comment - Is 9.4.4 the only fix version or is it 9.4.4 and higher? Thanks.

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 5.3 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality None
            Integrity None
            Availability Low

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

            Manisha Sangwan added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 5.3 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity None Availability Low https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: