Описание
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- VDB Entry
- PatchVendor Advisory
- Vendor Advisory
- Broken Link
- Third Party AdvisoryVDB Entry
- VDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 3.13.2 (исключая)
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00641
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
около 3 лет назад
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
EPSS
Процентиль: 70%
0.00641
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-94