Description
This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions. These vulnerabilities affect all versions of JIRA up to and including 5.0.6.
- Issue 1: Privilege escalation vulnerability
- Issue 2: XSS vulnerabilities
- Issue 3: XSRF vulnerability
- Issue 4: Open redirect vulnerabilities
Remediation
Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.