Atlassian JIRA version 8.11.1 suffers from a user enumeration vulnerability.
6584245530e79f39f2415efeba748683f667c83104fcd83cfe44d6c6ab433980
Atlassian Jira Server/Data Center version 8.4.0 suffers from a limited remote file read vulnerability.
ecbe65e6819640536803270e333b2bc7cd27353076cd635aa742fc37892cee93
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service on port 40001 and potentially 40011 without authentication. An attacker who can connect to the service could execute arbitrary code of their choice in Jira through deserialization. While Atlassian strongly suggests restricting access to the Ehcache ports to Data Center instances only, fixed versions of Jira now require a shared secret in order to access the Ehcache service. Various versions of Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center are affected.
1d1e7afd06b6338674555bdc5902d12019ece6717146ea1deddafa1c4ec2dfff
Atlassian Jira Server / Data Center version 8.16.0 suffers from a cross site scripting vulnerability.
11cb5c10c7bc260840e9f99059eab8e717769aeff2d90a62ed3b887604e735c0
Atlassian Jira version 8.15.0 suffers from a username enumeration vulnerability.
01db45162cdfbd20811911d949d8e0b51cc7df6910ff6fc3394accd66300c530
Atlassian Jira Service Desk version 4.9.1 suffers from a cross site scripting vulnerability via a file upload.
dfcde77b165540e992acf77b90f6fd749ada31c0790bd7b52362a5e4ecd40c70
Gantt-Chart for Jira versions 5.5.4 and below suffer from a cross site scripting vulnerability.
dba9c39f62d06702328bfd60b00d5294682d93ffb3a9a9a32da2fcec3d90878c
Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users.
9df2362de6597719f21d5c1862f3e1d1ce649c17851a9656ab81b49eafc4b5ff
Jira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.
4f9bd16fa47944747d6a3950c8b2cfec6eb77614b502ff649390d94798c33c62
Jira Service Desk Server and Data Center product versions below 3.9.17, 3.10.0 up to 3.16.11, 4.0.0 up to 4.2.6, 4.3.0 up to 4.3.5, 4.4.0 up to 4.4.3, and 4.5.0 up to 4.5.1 are susceptible to a path traversal vulnerability.
7080e92a97a87f926d87df454a396848f9491f786060cbd25b9c83577cc2efa3
Infosysta Jira version 1.6.13_J8 suffers from a user name disclosure vulnerability.
506fa47855ab00052d2c3b374f021b09caf1e85be4e4a010161eed8775c5f5b8
Infosysta Jira version 1.6.13_J8 suffers from an authentication bypass vulnerability that allows an unauthenticated user to view project lists.
5759cf071d560c4da28fae8baa88ebacb2d306e5d1cfc0ae9d1a454907d296b8
Infosysta Jira version 1.6.13_J8 suffers from an authentication bypass vulnerability that allows an unauthenticated user to view push notifications for a given user.
01fd0ed65d6bb484afc3a2b833eae1e73bda43947aa08a133d177919fadef778
Jira Server and Data Center suffer from a template injection vulnerability. Versions affected include 7.0.10 up to 7.6.16, 7.7.0 up to 7.13.8, 8.0.0 up to 8.1.3, 8.2.0 up to 8.2.5, 8.3.0 up to 8.3.4, and 8.4.0 up to 8.4.1.
9506b8cb8908b8c285b6269247edf4b6b2be0b43fcb2a0b7d2fa9067b0e39019
Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.
1bd78cc6d3d45eea1fb1efadb1e82ae16a452e32f277d1510a2aaea4b0c5fff9
Jira Server and Data Center products suffer from a template injection vulnerability. Many versions are affected.
0670cac056ef0706c3b99c0a9a1c4c8f0c94e902d675559fb791d7a7720b2d35
This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager (UPM). The module requires valid login credentials for an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet, using a POST request against the UPM component. The check command tests the validity of the supplied credentials and whether the account has access to the plugin manager.
fb47812af6f170c72f706227c7635ea0efcb1f492374881294375137a6d0c137
Debian Linux Security Advisory 3950-1 - Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered multiple vulnerabilities in LibRaw, a library for reading RAW images. An attacker could cause a memory corruption leading to a DoS (Denial of Service) with a crafted KDC or TIFF file.
6bd640d22d0636b104d231b80f39fb8bd250f4aa1590299391ca0277bd425d7b
Ubuntu Security Notice 3309-2 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.
d2c0c5302f6559086320ecc7ba3af4421baf11d0f0d29206837bd55883c8d012
Ubuntu Security Notice 3309-1 - Jakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbitrary code.
604750eb7ea85fc1263f64be0adbb377df9564063ad40ae67615914bdbdb3dc9
Ubuntu Security Notice 3306-1 - Agostino Sarubbo and Jakub Jirasek discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
fbea49bbfed434bfcce62a15d2778715d6c388a04384856437ee54a1c12be504
Debian Linux Security Advisory 3861-1 - Jakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a denial of service (crash), or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.
a686af7b3ef858fd2228b341cc27e32399ed5f33d77e41ebaf52b825d43fa96d
Tempest Security Intelligence Advisory ADV-2/2016 - Atlassian Jira version 7.1.7 suffers from a cross site scripting vulnerability.
3dd9c56b41ffd99414961adca6598dde55319f70e320fedb4f66bd617a6133bd
JIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.
a0d144ea2b00eb5d9831c86d25439a5db48c3e97147d507ef547e9cec42fa4fa
JIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.
9db0638c04e003fb397fbec73497ef7bd2a7f509cc3b670b2cae9f8fb924d6c0
Atlassian Jira versions 6.1.4 and below suffer from a cross site scripting vulnerability.
69982c2e62642ecdd6d36596ed6e34438ea61178dc78a728f96a3b398a394b62