Atlassian JIRA < 8.4.0 Multiple Vulnerabilities

medium Nessus Plugin ID 129099

Synopsis

The remote web server hosts a web application that is potentially affected by multiple vulnerabilities.

Description

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 8.4.0. It is, therefore, affected by multiple vulnerabilities:

- An authorization bypass vulnerability exists in the /rest/issueNav/1/issueTable resource as well as the /rest/api/latest/groupuserpicker resource. An unauthenticated, remote attacker can exploit this to enumerate usernames due to an incorrect authorization check. (CVE-2019-8449)
- A server-side request forgery (SSRF) vulnerability exists in the /plugins/servlet/gadgets/makeRequest resource due to a logic bug in the JiraWhitelist class. A remote attacker can exploit this to access the content of internal network resources. (CVE-2019-8451)
- An authentication bypass vulnerability exists in the /rest/api/1.0/render REST resource. An unauthenticated, remote attacker can exploit this to determine whether an attachment with a specific name exists and whether an issue key is valid, due to a missing permissions check. (CVE-2019-14995)

- An information disclosure vulnerability exists in the AccessLogFilter class due to a caching vulnerability. A remote, anonymous attacker can exploit this to access details about other users, including their username, when Jira is configured with a reverse proxy and/or a load balancer with caching or a CDN. (CVE-2019-14997)

- A cross-site request forgery (XSRF) vulnerability exists in the Webwork action CSRF protection. A remote attacker can bypass the protection by 'cookie tossing' a CSRF cookie from a subdomain of a Jira instance. (CVE-2019-14998)

Solution

Upgrade to Atlassian JIRA version 8.4.0

See Also

https://jira.atlassian.com/browse/JRASERVER-69791

https://jira.atlassian.com/browse/JRASERVER-69792

https://jira.atlassian.com/browse/JRASERVER-69793

https://jira.atlassian.com/browse/JRASERVER-69794

https://jira.atlassian.com/browse/JRASERVER-69796

Plugin Details

Severity: Medium

ID: 129099

File Name: jira_8_4_0.nasl

Version: 1.9

Type: combined

Agent: windows, macosx, unix

Family: CGI abuses

Published: 9/20/2019

Updated: 7/13/2021

Dependencies: jira_detect.nasl, atlassian_jira_win_installed.nbin, atlassian_jira_nix_installed.nbin

Risk Information

CVSS Score Source: CVE-2019-8451

VPR

Risk Factor: Medium

Score: 4

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Required KB Items: installed_sw/Atlassian JIRA

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2019

Vulnerability Publication Date: 8/12/2019

Exploitable With

Elliot (Atlassian JIRA Username Enumeration)

Reference Information

CVE: CVE-2019-8449, CVE-2019-8451, CVE-2019-14995, CVE-2019-14997, CVE-2019-14998