Atlassian JIRA < 3.12.1 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 4329 (severity: medium)

Synopsis

The remote web server contains an application that is affected by one or more vulnerabilities.

Description

Atlassian JIRA, a web-based application for bug tracking, issue tracking and project management, is installed on the remote web server. The installed version is affected by one or more of the following issues:

- A cross-site scripting issue: error messages that are under a user's control are passed to the '500page.jsp' script and used to generate dynamic output without first being sanitized.

- A security bypass issue that may allow an attacker to change JIRA's default language by requesting the initial setup page directly.

- A security bypass issue by which a user may delete a shared filter created by another user.

Solution

Upgrade to version 3.12.1 or higher or patch according to vendor recommendations.
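The check this plugin performs reduces to "is the reported JIRA version lower than 3.12.1?". The following is an added example, not Tenable's plugin code or anything from Atlassian: it extracts a version string from a JIRA 3.x-style HTML footer and compares it against the fixed version with proper numeric (not lexical) ordering, so that "3.9.3" sorts below "3.12.1" and "3.12" is treated as older than "3.12.1". The footer wording, the "Version: X.Y.Z-#build" layout matched by the regular expression, and both sample pages are constructed assumptions for this example.

```python
import re
from typing import Optional, Tuple

# Version in which the three issues are fixed, per the advisory.
FIXED_VERSION = "3.12.1"

# Constructed sample footers. The exact wording and "Version: ... -#build"
# layout are assumptions made for this example; real pages may differ.
SAMPLE_FOOTER_VULNERABLE = (
    '<div class="footer">Powered by Atlassian JIRA the Professional Issue Tracker. '
    '(Enterprise Edition, Version: 3.12-#299)</div>'
)
SAMPLE_FOOTER_FIXED = (
    '<div class="footer">Powered by Atlassian JIRA the Professional Issue Tracker. '
    '(Enterprise Edition, Version: 3.13.1-#333)</div>'
)

# Captures the dotted release number; the optional "-#NNN" build suffix is
# matched so it does not leak into the version but is ignored for ordering.
VERSION_RE = re.compile(r"Version:\s*(\d+(?:\.\d+)*)(?:-#(\d+))?")


def extract_version(html: str) -> Optional[str]:
    """Return the dotted version string found in the page, or None."""
    m = VERSION_RE.search(html)
    return m.group(1) if m else None


def parse_version(v: str) -> Tuple[int, ...]:
    """'3.12.1' -> (3, 12, 1); components compare as integers, not strings."""
    return tuple(int(p) for p in v.split("."))


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly older than version b.

    Shorter versions are right-padded with zeros so '3.12' == '3.12.0'
    and '3.12' < '3.12.1'.
    """
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa += (0,) * (n - len(pa))
    pb += (0,) * (n - len(pb))
    return pa < pb


def is_vulnerable(html: str) -> Optional[bool]:
    """True if the page reports a version below 3.12.1, False if not,
    None if no version could be extracted (cannot decide from the page alone)."""
    v = extract_version(html)
    if v is None:
        return None
    return version_lt(v, FIXED_VERSION)


if __name__ == "__main__":
    for label, page in (("vulnerable sample", SAMPLE_FOOTER_VULNERABLE),
                        ("fixed sample", SAMPLE_FOOTER_FIXED)):
        print(f"{label}: version={extract_version(page)} vulnerable={is_vulnerable(page)}")
```

Two caveats a practitioner should keep in mind: a version banner is evidence, not proof, since an installation patched "according to vendor recommendations" may still report a pre-3.12.1 version, and a page that discloses no version yields None rather than a false negative.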

See Also

http://jira.atlassian.com/browse/JRA-13999

http://jira.atlassian.com/browse/JRA-14086

http://jira.atlassian.com/browse/JRA-14105

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24

http://www.atlassian.com/software/jira

Plugin Details

Severity: Medium

ID: 4329

Family: CGI

Published: 1/2/2008

Updated: 3/6/2019

Nessus ID: 29834

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Reference Information

CVE: CVE-2007-6617, CVE-2007-6618, CVE-2007-6619

BID: 27095, 27094