[JRASERVER-75331] Malicious file upload in Jira Server via anonymous sources

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 9.5.0, 9.4.4, 8.20.20
Affects Version/s: 9.4.0, 8.13.27, 8.20.14, 9.4.3, 8.20.18
Component/s: Security
Labels:

CVSS Score:
5.3
CVSS Severity:
Medium

Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE.

Files with name start with multPartReq with .tmp filename may be seen in "<JIRA_INSTALL>/work" path location due to this bug.

Affected versions:

version < 9.4.0
9.4.0 < version < 9.4.3
version <= 8.20.18
version <= 8.13.27

Fixed versions:

9.4.4
8.20.20
9.5.4

relates to: VULN-833557 Failed to load

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 12/Apr/2023 9:24 AM

Updated:: 30/Aug/2023 7:59 AM

Resolved:: 16/Jun/2023 10:00 AM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates