Atlassian JIRA 6.0.x < 6.0.4 Directory Traversal

Medium

Synopsis

The remote web server hosts an application that is affected by a directory traversal vulnerability.

Description

The version of JIRA installed on the remote host is 6.0.x earlier than 6.0.4 and is therefore affected by a directory traversal flaw in the Issue Collector plugin. The resource implemented in 'rest/TemporaryAttachmentsResource.java' uses the 'filename' POST parameter without sanitizing it, so path traversal sequences such as '../' are honored when the temporary attachment is written. A remote attacker can exploit this with a specially crafted request to write files outside the intended attachment directory, to arbitrary locations on the system that the JIRA service account can write to.
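The check below is an added illustration of the flaw class, not code from JIRA or from this plugin: it contrasts a naive join of the client-supplied 'filename' with a base directory (the pattern the description attributes to the unpatched resource) against a hardened version that rejects path separators and confirms the resolved target still lies under the attachment directory. The directory names, the `vulnerable_target` / `safe_target` / `is_safe` helpers, and the sample filenames are hypothetical.

```python
import os
import posixpath
import tempfile


def vulnerable_target(base_dir, filename):
    """Insecure pattern: the client-supplied filename is joined to the
    attachment directory as-is, so '../' sequences walk out of base_dir.
    posixpath is used so the result is deterministic on any host."""
    return posixpath.normpath(posixpath.join(base_dir, filename))


def safe_target(base_dir, filename):
    """Hardened pattern (illustrative, not the vendor's fix):
    1. reject empty and reserved names and any path separator, including
       backslashes, which matter on Windows hosts;
    2. resolve both the base directory and the final target (realpath also
       follows symlinks) and require the target to remain under the base,
       using commonpath rather than startswith so that
       '/srv/att' does not accept '/srv/att_evil/x'."""
    if not filename or filename in (".", ".."):
        raise ValueError("empty or reserved filename")
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError("filename must not contain path separators or NUL")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("target escapes the attachment directory")
    return target


def is_safe(base_dir, filename):
    """Boolean wrapper around safe_target for quick checks."""
    try:
        safe_target(base_dir, filename)
        return True
    except ValueError:
        return False


def demo():
    """Constructed scenario: a temporary attachment directory, one
    traversal-style filename. Returns (escaped_with_naive_join,
    blocked_by_hardened_join)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "attachments")  # hypothetical attachment dir
        os.mkdir(base)
        evil = "../../etc/cron.d/backdoor"       # constructed sample input
        naive = vulnerable_target(base, evil)
        escaped = os.path.commonpath([base, naive]) != base
        blocked = not is_safe(base, evil)
        return escaped, blocked


if __name__ == "__main__":
    print(vulnerable_target("/srv/jira/attachments/tmp", "../../../../etc/passwd"))
    print(demo())
```

The separator check alone would stop the traversal shown here; the realpath/commonpath step is kept because it also catches cases the string filter does not see, such as a base directory that is itself a symlink or a filename that resolves through one.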

Solution

Upgrade to JIRA 6.0.4 or later.