-
Public Security Vulnerability
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
9.4.0, 8.13.27, 8.20.14, 9.4.3, 8.20.18
-
5.3
-
Medium
Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE.
Files with name start with multPartReq with .tmp filename may be seen in "<JIRA_INSTALL>/work" path location due to this bug.
Affected versions:
- version < 9.4.0
- 9.4.0 < version < 9.4.3
- version <= 8.20.18
- version <= 8.13.27
Fixed versions:
- 9.4.4
- 8.20.20
- 9.5.4
- relates to
-
VULN-833557 Failed to load
[JRASERVER-75331] Malicious file upload in Jira Server via anonymous sources
146dab3de87d Our 9.4 releases are LTS release. Reading this means, 9.4.4 is when this fixed and all releases after but within 9.4.x has the fix. At this point of writing, 9.4.4 until 9.4.7 has the fix. Hope this helps.
Is 9.4.4 the only fix version or is it 9.4.4 and higher? Thanks.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 5.3 => Medium severity
Exploitability Metrics
| Attack Vector | Network |
|---|---|
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
Scope Metric
| Scope | Unchanged |
|---|
Impact Metrics
| Confidentiality | None |
|---|---|
| Integrity | None |
| Availability | Low |
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Yes, this has cleared my confusion. Thank you.