Uploaded image for project: 'Jira Service Management Server and Data Center'
  1. Jira Service Management Server and Data Center
  2. JSDSERVER-8716

Jira Service Management / Insight Asset Management vulnerable to RCE Security

    XMLWordPrintable

Details

    • 9
    • Critical
    • CVE-2018-10054

    Description

      Description 

      Insight - Asset Management has a feature to import data from several databases (DBs). One of these DBs, the H2 DB, has a native function in its library which an attacker can use to run code on the server (remote code execution a.k.a. RCE). The H2 DB is bundled with Jira to help speed up the setup of Jira test environments.

      The combination of the DB import feature introduced by Insight - Asset Management with the existing Jira H2 DB library exposed this vulnerability. The vulnerability exists whether or not the import configuration was saved and even if H2 was never used as a targeted DB. Accessing this vulnerability requires the following:

      • The user must be an authenticated Jira user AND

      Either of the following privileges within Insight - Asset Management:

      • user or group permission to “Insight administrator”
      • user or group permission to “Object Schema Manager”

       

      Acknowledgments

      The issue was discovered by l0gg via the Atlassian public bug bounty program.

       

      Affected versions:

      Insight - Asset Management version:
      • All 5.x versions
      • All 6.x versions
      • All 7.x versions
      • All 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x, 8.7.x, 8.8.x versions
      • All 8.9.x versions before 8.9.3

      Jira Service Management Data Center and Server version:

      • All 4.15.x versions
      • All 4.16.x versions
      • All 4.17.x versions
      • All 4.18.x versions
      • All 4.19.x versions|

      Fixed versions:

      Insight - Asset Management-8.9.3 

      Jira Service Management Data Center and Jira Service Management Server-4.20.0 

      Further details can be found on the advisory page.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Backbone Issue Sync