Atlassian JIRA < 3.12.1 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 4329


The remote web server contains an application that is affected by one or more vulnerabilities.


Atlassian JIRA, a web-based application for bug tracking, issue tracking and project management, is installed on the remote web server and is affected by one or more of the following issues:

- A cross-site scripting issue: user-controlled error messages passed to the '500page.jsp' script are not sanitized before being used to generate dynamic output.

- A security bypass issue that may allow an attacker to change JIRA's default language by accessing its first setup page directly.

- A security bypass issue by which a user may delete a shared filter created by another user.


Upgrade to version 3.12.1 or higher, or patch according to vendor recommendations.


Plugin Details

Severity: Medium

ID: 4329

Family: CGI

Published: 2008/01/02

Modified: 2018/09/16

Dependencies: 1442

Nessus ID: 29834

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 4.9


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Reference Information

CVE: CVE-2007-6618, CVE-2007-6619, CVE-2007-6617

BID: 27095, 27094