Atlassian JIRA < 6.0.4 Arbitrary File Creation

medium Nessus Plugin ID 73272

Synopsis

The remote web server hosts a web application that is potentially affected by an arbitrary file creation vulnerability.

Description

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to version 6.0.4. It is, therefore, potentially affected by an arbitrary file creation vulnerability due to a flaw in the Issue Collector plugin in which the 'filename' POST parameter is not properly sanitized, which allows traversing outside a restricted path. A remote, unauthenticated attacker, using a crafted request, can exploit this vulnerability to create files in arbitrary directories in the JIRA installation.

This vulnerability only affects JIRA installations running on the Windows OS.

Note that the Issue Collector plugin for JIRA is also affected by this vulnerability; however, Nessus did not did confirm that this plugin is installed.

Solution

Upgrade to JIRA 6.0.4 or later, and upgrade or disable the Issue Collector plugin.

See Also

http://www.nessus.org/u?7c962b4a

https://jira.atlassian.com/browse/JRA-36442

Plugin Details

Severity: Medium

ID: 73272

File Name: jira_6_0_4.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 3/31/2014

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Required KB Items: Settings/ParanoidReport, installed_sw/Atlassian JIRA

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/26/2014

Vulnerability Publication Date: 2/26/2014

Exploitable With

Core Impact

Metasploit (JIRA Issues Collector Directory Traversal)

Reference Information

CVE: CVE-2014-2314

BID: 65849