Atlassian JIRA < 4.1.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5577


The remote web server hosts an application that is vulnerable to multiple attack vectors.


Atlassian JIRA, a web-based application for bug tracking, issue tracking, and project management is installed on the remote web server. Versions of JIRA earlier than 4.1.2 are potentially affected by multiple vulnerabilities :

- Multiple cross-site scripting vulnerabilities in URL query strings.
- JIRA standalone fails to properly protect sensitive cookie data with the 'HTTPOnly' protection mechanism.
- Users without the 'JIRA Users' permission can login via crowd single-sign-on.
- A cross-site request forgery in the 'logout' action.
- Multiple vulnerabilities in the FishEye plugin.
- A security vulnerability in the Bamboo plugin.


Upgrade to Atlassian JIRA 4.1.2 or later.

See Also

Plugin Details

Severity: Medium

ID: 5577

Family: CGI

Published: 2010/06/21

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 47114

Risk Information

Risk Factor: Medium


Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/06/18

Vulnerability Publication Date: 2010/06/18

Reference Information

BID: 40950, 40953, 40955