SynopsisThe remote web server hosts a web application that is affected by a man-in-the-middle vulnerability.
DescriptionAccording to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.14, or version 8.5.x prior to 8.5.5, 8.8.x prior to 8.8.2, or 8.9.x prior to 8.9.1. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability in the email client of Jira Server and Data Center. A remote, unauthenticated attacker can exploit this in order to access outgoing emails between a Jira instance and the SMTP server.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Atlassian Jira version 7.13.16, 8.5.7, 8.8.2, 8.9.1, 8.10.0 or later.