Описание
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:atlassian:jira:3.12:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:3.13.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04907
Низкий
9 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
около 3 лет назад
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
EPSS
Процентиль: 89%
0.04907
Низкий
9 Critical
CVSS2
Дефекты
CWE-94