Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-8716

Jira Service Management / Insight Asset Management vulnerable to RCE Security



    • 9
    • Critical
    • CVE-2018-10054



      Insight - Asset Management has a feature to import data from several databases (DBs). One of these DBs, the H2 DB, has a native function in its library which an attacker can use to run code on the server (remote code execution a.k.a. RCE). The H2 DB is bundled with Jira to help speed up the setup of Jira test environments.

      The combination of the DB import feature introduced by Insight - Asset Management with the existing Jira H2 DB library exposed this vulnerability. The vulnerability exists whether or not the import configuration was saved and even if H2 was never used as a targeted DB. Accessing this vulnerability requires the following:

      • The user must be an authenticated Jira user AND

      Either of the following privileges within Insight - Asset Management:

      • user or group permission to “Insight administrator”
      • user or group permission to “Object Schema Manager”



      The issue was discovered by l0gg via the Atlassian public bug bounty program.


      Affected versions:

      Insight - Asset Management version:
      • All 5.x versions
      • All 6.x versions
      • All 7.x versions
      • All 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.x, 8.6.x, 8.7.x, 8.8.x versions
      • All 8.9.x versions before 8.9.3

      Jira Service Management Data Center and Server version:

      • All 4.15.x versions
      • All 4.16.x versions
      • All 4.17.x versions
      • All 4.18.x versions
      • All 4.19.x versions|

      Fixed versions:

      Insight - Asset Management-8.9.3 

      Jira Service Management Data Center and Jira Service Management Server-4.20.0 

      Further details can be found on the advisory page.


        Issue Links



              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              0 Vote for this issue
              21 Start watching this issue



                Backbone Issue Sync