Atlassian JIRA < 6.1.4 Privilege Escalation

Severity: Medium | Nessus Plugin ID 73274

Synopsis

The remote web server hosts a web application that is potentially affected by a privilege escalation vulnerability.

Description

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 6.1.4. It is, therefore, potentially affected by a privilege escalation vulnerability that could allow a remote, unauthenticated attacker to perform actions on behalf of any authorized user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
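The detection described above is a version comparison against 6.1.4, not an attempt to exploit anything. As an added example (not the plugin's own NASL code), the following Python script takes JIRA's self-reported version from a constructed sample of the JSON body that JIRA's /rest/api/2/serverInfo endpoint returns, parses it into numeric components, and compares it against the fixed version. The numeric comparison matters: a plain string comparison would rank 6.10.0 below 6.1.4. Build suffixes such as the "-OD-..." tags on OnDemand releases are dropped before comparing. The sample JSON and the hostname in it are constructed for the example, not captured from a real host.

```python
import json
import re

# Fixed version from the advisory: JIRA 6.1.4 and later are not affected.
FIXED_VERSION = (6, 1, 4)

# Constructed sample of the JSON body returned by JIRA's /rest/api/2/serverInfo
# endpoint (only "version" is used here); not captured from any real host.
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "6.1.3",
    "versionNumbers": [6, 1, 3],
    "serverTitle": "Example JIRA",
})

# Leading dotted numeric part of a version string; anything after it is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(version):
    """Turn a self-reported version string into a tuple of ints.

    Only the leading dotted numeric part is kept, so suffixes such as
    "-OD-09-007" (OnDemand builds) or "-m01" (milestones) are dropped.
    Raises ValueError if the string does not start with a number.
    """
    match = _VERSION_RE.match(version)
    if not match:
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version):
    """True when the reported version is strictly older than 6.1.4.

    Tuple comparison is element-wise and numeric, so (6, 10, 0) > (6, 1, 4),
    which a string comparison ("6.10.0" < "6.1.4") would get wrong. A shorter
    tuple such as (6, 1) compares as older than (6, 1, 4), which matches
    JIRA's numbering (6.1 predates 6.1.4).
    """
    return parse_version(version) < FIXED_VERSION


def assess(server_info_json):
    """Read the version out of a serverInfo JSON body and report the verdict."""
    info = json.loads(server_info_json)
    version = info["version"]
    return {
        "version": version,
        "affected": is_vulnerable(version),
        "fixed_in": ".".join(str(n) for n in FIXED_VERSION),
        # Version-only check, like the plugin: nothing on the target was exercised.
        "basis": "self-reported version",
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SERVER_INFO))
```

Because the verdict rests only on what the application reports about itself, treat a hit as a reason to confirm the installed version on the host (or with the administrator) rather than as proof the flaw is reachable; that is the same caveat the plugin's paranoid-mode requirement expresses.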

Solution

Upgrade to JIRA 6.1.4 or later.

See Also

http://www.nessus.org/u?7c962b4a

https://jira.atlassian.com/browse/JRA-35797

Plugin Details

Severity: Medium

ID: 73274

File Name: jira_6_1_4.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 3/31/2014

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Required KB Items: Settings/ParanoidReport, installed_sw/Atlassian JIRA

Patch Publication Date: 2/26/2014

Vulnerability Publication Date: 2/26/2014