[JSWSERVER-20471] Security Vulnerability Tomcat AJP CNVD-2020-10487/CVE-2020-1938

Type: Suggestion
Resolution: Answered
Fix Version/s: None
Component/s: Reports
Labels:

UIS:
1
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

I would like to check whether Jira is affected by the recent security vulnerability issues TOMCAT AJP CNVD-2020-10487/CVE-2020-1938.

If yes, please suggest the Jira version to be upgraded.

thanks.

is cloned from

JSDSERVER-6768 Jira Service Desk Security Vulnerability Tomcat AJP CNVD-2020-10487/CVE-2020-1938

Closed

relates to

JRASERVER-70993 The version of Apache Tomcat included with Jira Server is affected by CVE-2020-1935, CVE-2020-1938, CVE-2019-17569

Closed

RAID-1987 You do not have permission to view this issue

mentioned in: Page Failed to load

Colin Xu made changes - 27/Apr/2021 3:35 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 547941 ]

Colin Xu made changes - 22/Jun/2020 5:00 AM

Resolution		New: Answered [ 9 ]
Status	Original: Gathering Interest [ 11772 ]	New: Closed [ 6 ]

Colin Xu made changes - 22/Jun/2020 4:58 AM

Assignee

New: Colin Xu [ cxu ]

Daniel Rauf made changes - 15/Jun/2020 9:09 AM

Remote Link

New: This issue links to "RAID-1987 (JIRA Server (Bulldog))" [ 488967 ]

Daniel Rauf made changes - 15/Jun/2020 9:08 AM

Link

New: This issue relates to ~~JRASERVER-70993~~ [ ~~JRASERVER-70993~~ ]

Daniel Rauf made changes - 15/Jun/2020 9:00 AM

Link

New: This issue relates to JRASERVER-71092 [ JRASERVER-71092 ]

Security Metrics Bot made changes - 11/Jun/2020 12:15 AM

Labels

Original: patch-management security

New: cvss-high patch-management security

David Black made changes - 09/Jun/2020 11:53 PM

Labels

Original: no-cvss-required patch-management security

New: patch-management security

Colin Xu made changes - 09/Jun/2020 2:19 AM

Labels

Original: cvss-high patch-management security

New: no-cvss-required patch-management security

Colin Xu made changes - 09/Jun/2020 2:19 AM

Comment

[ A comment with security level 'atlassian-staff' was removed. ]

Assignee:: Colin Xu

Reporter:: win

Votes:: 5 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 11/Mar/2020 11:21 AM

Updated:: 27/Apr/2021 3:35 PM

Resolved:: 22/Jun/2020 5:00 AM

Jira Software Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates

Backbone Issue Sync