Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-22167

Опубликовано: 22 окт. 2025
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem path writable by the Jira JVM process. Atlassian recommends that Jira Software Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Software Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.28 Jira Software Data Center and Server 10.3: Upgrade to a release greater than or equal to 10.3.12 Jira Software Data Center and Server 11.0: Upgrade to a release greater than or equal to 11.1.0

See the release notes. You can download the latest version of Jira Software Data Center and Server from the download center. This vulnerability was reported

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
Версия от 9.12.0 (включая) до 9.12.28 (исключая)
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
Версия от 10.3.0 (включая) до 10.3.12 (исключая)
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.1.0 (исключая)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Версия от 9.12.0 (включая) до 9.12.28 (исключая)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Версия от 10.3.0 (включая) до 10.3.12 (исключая)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Версия от 11.0.0 (включая) до 11.1.0 (исключая)

EPSS

Процентиль: 21%
0.00068
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-wvj6-fjwf-f68m

CVSS3: 6.5
github
4 месяца назад

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 and remain present in 11.0.0 of Jira Software Data Center and Server. This Path Traversal (Arbitrary Write) vulnerability, with a CVSS Score of 8.7, allows an attacker to modify any filesystem path writable by the Jira JVM process. Atlassian recommends that Jira Software Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Software Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.28 Jira Software Data Center and Server 10.3: Upgrade to a release greater than or equal to 10.3.12 Jira Software Data Center and Server 11.0: Upgrade to a release greater than or equal to 11.1.0 See the release notes. You can download the latest version of Jira Software Data Center and Server from the download center. This vulnerability was reported v...

fstec логотип

BDU:2025-13334

CVSS3: 8.8
fstec
5 месяцев назад

Уязвимость процесса Jira JVM программного продукта обработки данных Atlassian Jira Software Data Center and Server, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 21%
0.00068
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22