Description
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
References
- Technical Description
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory, US Government Resource, VDB Entry
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:atlassian:jira:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.1.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.8:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.1.9:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.6:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:6.2.7:*:*:*:*:*:*:*
EPSS
Percentile: 89%
0.04886
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 9.8
github
about 3 years ago
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.