
Jira Ehcache RMI Missing Authentication

Posted Jul 27, 2021
Authored by Atlassian

Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service on port 40001 (and potentially 40011). Attackers who could connect to that service could execute arbitrary code of their choice in Jira through deserialization, because the service performed no authentication. While Atlassian strongly suggests restricting access to the Ehcache ports to Data Center instances only, fixed versions of Jira now require a shared secret in order to allow access to the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.

tags | advisory, arbitrary
advisories | CVE-2020-36239
MD5 | 74ded10ddbdc265a72fe7aa123d82993

This email refers to the advisory found at
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html



CVE ID:

* CVE-2020-36239


Products: Jira Data Center, Jira Core Data Center, Jira Software Data Center,
and Jira Service Management Data Center.

Affected Versions - Jira Data Center, Jira Core Data Center, and Jira Software
Data Center:

6.3.0 <= version < 8.5.16
8.6.0 <= version < 8.13.8
8.14.0 <= version < 8.17.0



Affected Versions - Jira Service Management Data Center:

2.0.2 <= version < 4.5.16
4.6.0 <= version < 4.13.8
4.14.0 <= version < 4.17.0


Fixed Versions - Jira Data Center, Jira Core Data Center, and Jira Software Data
Center versions:

* Version 8.5.16 for 8.5.x LTS
* Version 8.13.8 for 8.13.x LTS
* Version 8.17.0

Fixed Versions - Jira Service Management Data Center

* Version 4.5.16 for 4.5.x LTS
* Version 4.13.8 for 4.13.x LTS
* Version 4.17.0




Summary:
This advisory discloses a critical severity security vulnerability introduced in
version 6.3.0 of Jira Data Center, Jira Core Data Center and Jira Software Data
Center, and in version 2.0.2 of Jira Service Management Data Center (known as
Jira Service Desk prior to 4.14). Affected versions of Jira Data Center and Jira
Service Management Data Center can be found in the table above (see "Affected
Versions").

Customers who have downloaded and installed any versions listed in the Affected
Versions section must upgrade their installations immediately to fix this
vulnerability:
* Jira Data Center
* Jira Core Data Center
* Jira Software Data Center
* Jira Service Management Data Center

Atlassian Cloud is not affected by the issue described in this email.
Jira Cloud is not affected.
Jira Service Management Cloud is not affected.
Non-Data Center instances of Jira Server (Core & Software) and Jira Service
Management are not affected by the issue described in this email.


Missing Authentication for Ehcache RMI - CVE-2020-36239

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.


Description:
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira
Service Management Data Center exposed an Ehcache RMI network service on port
40001 and potentially 40011[0][1][2]. Attackers who could connect to that
service could execute arbitrary code of their choice in Jira through
deserialization, because the service performed no authentication. While
Atlassian strongly suggests restricting access to the Ehcache ports to Data
Center instances only, fixed versions of Jira now require a shared secret in
order to allow access to the Ehcache service.

[0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center
versions prior to 7.13.1, the Ehcache object port can be randomly allocated.

[1] In Jira Service Management Data Center versions prior to 3.16.1, the
Ehcache object port can be randomly allocated.

[2] The default Ehcache port is 40001 but it can be configured to be on a
different port, see
https://confluence.atlassian.com/adminjiraserver/installing-jira-data-center-938846870.html#InstallingJiraDataCenter-parametersCluster.propertiesfileparameters
for more details.


Fix:

To address these issues, we've released the following versions containing a
fix:
For Jira Data Center, Jira Core Data Center, and Jira Software Data Center:
* 8.5.16 that contains a fix for this issue
* 8.13.8 that contains a fix for this issue
* 8.17.0 that contains a fix for this issue

For Jira Service Management Data Center:
* 4.5.16 that contains a fix for this issue
* 4.13.8 that contains a fix for this issue
* 4.17.0 that contains a fix for this issue


Remediation:

Atlassian recommends that you upgrade to the latest version. We also recommend
restricting access to the Ehcache RMI ports, as described in
https://confluence.atlassian.com/adminjiraserver/installing-jira-data-center-938846870.html#InstallingJiraDataCenter-Security
and in the full advisory for this issue:
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html#JiraDataCenterAndJiraServiceManagementDataCenterSecurityAdvisory20210721-WhatYouNeedtoDo
Because the Ehcache object port could be randomly allocated on Jira versions
prior to 7.13.1 and Jira Service Management versions prior to 3.16.1 (see
footnotes [0] and [1]), filtering by source address (Data Center nodes only) is
more reliable than filtering by destination port alone.

Fixed versions can be downloaded at:
* Jira Core Server: https://www.atlassian.com/software/jira/core/download
* Jira Software Data Center: https://www.atlassian.com/software/jira/update
* Jira Service Management Data Center:
https://www.atlassian.com/software/jira/service-management/update
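The exposure check below is an added example and is not Atlassian's code or part of the advisory. It serves both the Description above (an RMI service on 40001 and 40011 that answers without authentication) and the Remediation (verifying that the Ehcache ports are reachable only from Data Center nodes). It assumes the cluster.properties key names ehcache.listener.port and ehcache.object.port (the parameters the advisory links to), uses a constructed sample properties file, and speaks only the Java RMI transport (JRMP) handshake: a server that answers the "JRMI" hello with ProtocolAck 0x4e is an RMI endpoint. No remote object is looked up or deserialised, so the probe is safe to run against a live cluster.

```python
"""Exposure check for the Jira Data Center Ehcache RMI listener (CVE-2020-36239).

Client sends magic "JRMI", version 2 and the StreamProtocol byte 0x4b; an RMI
server replies with ProtocolAck 0x4e followed by its EndpointIdentifier (host
as a Java UTF string, port as a big-endian int32).
"""
import socket
import struct
from typing import Dict, List, Optional, Set, Tuple

JRMP_MAGIC = b"JRMI"            # 0x4a524d49
JRMP_VERSION = 2
STREAM_PROTOCOL = 0x4B
PROTOCOL_ACK = 0x4E
PROTOCOL_NOT_SUPPORTED = 0x4F

# Defaults named in the advisory: registry on 40001, object port on 40011.
DEFAULT_LISTENER_PORT = 40001
DEFAULT_OBJECT_PORT = 40011

# Key names assumed to match the cluster.properties parameters the advisory links to.
LISTENER_KEY = "ehcache.listener.port"
OBJECT_KEY = "ehcache.object.port"


def jrmp_hello() -> bytes:
    """Client half of the JRMP handshake: magic, version, StreamProtocol."""
    return JRMP_MAGIC + struct.pack(">HB", JRMP_VERSION, STREAM_PROTOCOL)


def parse_protocol_ack(data: bytes) -> Optional[Tuple[str, int]]:
    """Return (host, port) if `data` is a complete ProtocolAck, else None.

    ProtocolNotSupported (0x4f), an HTTP banner or any other first byte means
    "not RMI"; a truncated ack is reported the same way.
    """
    if len(data) < 3 or data[0] != PROTOCOL_ACK:
        return None
    (host_len,) = struct.unpack(">H", data[1:3])
    end = 3 + host_len + 4
    if len(data) < end:
        return None
    host = data[3:3 + host_len].decode("utf-8", errors="replace")
    (port,) = struct.unpack(">i", data[3 + host_len:end])
    return host, port


def cluster_ports(properties_text: str) -> Tuple[int, int]:
    """Read the configured Ehcache ports from cluster.properties text, else the defaults."""
    ports = {LISTENER_KEY: DEFAULT_LISTENER_PORT, OBJECT_KEY: DEFAULT_OBJECT_PORT}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in ports and value.isdigit():
            ports[key] = int(value)
    return ports[LISTENER_KEY], ports[OBJECT_KEY]


def probe_rmi(host: str, port: int, timeout: float = 3.0) -> Optional[Tuple[str, int]]:
    """Connect, send the hello, parse the reply. None on refusal, timeout or non-RMI."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            sock.sendall(jrmp_hello())
            data = b""
            while len(data) < 1024:
                chunk = sock.recv(1024 - len(data))
                if not chunk:
                    break
                data += chunk
                if data[0] != PROTOCOL_ACK or parse_protocol_ack(data) is not None:
                    break
            return parse_protocol_ack(data)
    except (OSError, ValueError):
        return None


def assess(results: Dict[Tuple[str, str, int], bool], peers: Set[str]) -> List[str]:
    """results maps (vantage, node, port) -> True if probe_rmi got a ProtocolAck.

    An ack obtained from a vantage that is not itself a cluster node means the
    port restriction the advisory asks for is missing or incomplete.
    """
    findings = []
    for (vantage, node, port), answered in sorted(results.items()):
        if answered and vantage not in peers:
            findings.append(f"{node}:{port} accepts RMI connections from non-peer {vantage}")
    return findings


# Constructed sample cluster.properties (not taken from a real installation).
SAMPLE_CLUSTER_PROPERTIES = """\
jira.node.id=node1
jira.shared.home=/mnt/jira-shared
ehcache.listener.hostName=10.0.0.11
ehcache.listener.port=40001
ehcache.object.port=40011
"""

if __name__ == "__main__":
    # Run from a host that is NOT a cluster node; hypothetical node addresses.
    listener, obj = cluster_ports(SAMPLE_CLUSTER_PROPERTIES)
    nodes = ["10.0.0.11", "10.0.0.12"]
    results = {}
    for node in nodes:
        for port in (listener, obj):
            results[("scanner", node, port)] = probe_rmi(node, port, timeout=2.0) is not None
    for line in assess(results, peers=set(nodes)) or ["no Ehcache RMI endpoint reachable from this host"]:
        print(line)
```

Run it once from each cluster node (expect acks on both ports from every peer) and once from a host outside the cluster (expect none). A port that is filtered or closed yields None from probe_rmi, which assess treats as not reachable; on versions where the object port is randomly allocated, scan the full range the node may bind rather than only 40011.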



Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.

