Atlassian Jira 7.11.x < 7.11.3 Multiple Vulnerabilities

medium Web App Scanning Plugin ID 113796

Synopsis

Atlassian Jira 7.11.x < 7.11.3 Multiple Vulnerabilities

Description

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.6.10, 7.7.0 prior to 7.7.5, 7.8.0 prior to 7.8.5, 7.9.0 prior to 7.9.3, 7.10.0 prior to 7.10.3, 7.11.0 prior to 7.11.3, 7.12.0 prior to 7.12.3 or 7.13.0 prior to 7.13.13. It is, therefore, affected by multiple vulnerabilities.

- A vulnerability which permits remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability (CVE-2018-13404).

- A vulnerability which permits remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability via the XsrfErrorAction resource (CVE-2018-13401).

- A vulnerability which permits remote attackers who have obtained access to an administrator's session to access certain administrative resources without needing to re-authenticate, via an improper access control vulnerability (CVE-2018-13400).

- A vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the epic colour field of an issue while the issue is being moved (CVE-2018-13395).

- A vulnerability which permits remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden (CVE-2018-13391).

- A vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the messagesThreshold parameter, due to an incomplete fix for CVE-2017-18039 (CVE-2018-13387).

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
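Because the plugin decides purely on the self-reported version, the check has to be branch-aware: a version is affected only when it is below the fix release of its own 7.x branch (7.9.5, for example, is not affected even though it is below 7.13.13). The following is an added example implementing the ranges listed above; it is not Tenable's plugin code, and it assumes the version string comes from a source such as the `version` field of Jira's `/rest/api/2/serverInfo` endpoint.

```python
# Affected ranges exactly as the description states them:
# (branch, first fixed version in that branch). The first entry has no
# lower bound on the page ("prior to version 7.6.10"), so it is handled
# separately below: anything older than 7.6.10 counts as affected.
AFFECTED_BRANCHES = [
    ((7, 7), (7, 7, 5)),
    ((7, 8), (7, 8, 5)),
    ((7, 9), (7, 9, 3)),
    ((7, 10), (7, 10, 3)),
    ((7, 11), (7, 11, 3)),
    ((7, 12), (7, 12, 3)),
    ((7, 13), (7, 13, 13)),
]
FIRST_FIX = (7, 6, 10)


def parse_version(text):
    """Turn a self-reported version such as '7.11.2' or '7.11.2-build'
    into a (major, minor, patch) tuple; raises ValueError when the string
    is not numeric so an unknown banner is never silently marked clean."""
    core = text.strip().split("-")[0]
    nums = []
    for part in core.split("."):
        if not part.isdigit():
            raise ValueError(f"unparseable version: {text!r}")
        nums.append(int(part))
    while len(nums) < 3:        # '7.11' is treated as 7.11.0
        nums.append(0)
    return tuple(nums[:3])


def affected_by_plugin_113796(version_text):
    """Return the fix release the instance should move to, or None when the
    reported version is outside every affected range on this page."""
    version = parse_version(version_text)
    if version < FIRST_FIX:
        return "7.6.10"
    for branch, fix in AFFECTED_BRANCHES:
        # Compare only inside the matching branch: a later branch's fix
        # version must not be applied to an earlier, already-fixed branch.
        if version[:2] == branch and version < fix:
            return ".".join(str(n) for n in fix)
    return None


if __name__ == "__main__":
    # Constructed sample banners, not real scan output.
    for banner in ("7.11.2", "7.11.3", "7.9.5", "7.2.0", "8.0.0"):
        print(banner, "->", affected_by_plugin_113796(banner))
```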

Solution

Upgrade to Atlassian Jira version 7.11.3 or later.

See Also

https://jira.atlassian.com/browse/JRASERVER-67750

https://jira.atlassian.com/browse/JRASERVER-67848

https://jira.atlassian.com/browse/JRASERVER-68138

https://jira.atlassian.com/browse/JRASERVER-68139

https://jira.atlassian.com/browse/JRASERVER-68527

Plugin Details

Severity: Medium

ID: 113796

Type: remote

Published: 3/14/2023

Updated: 3/14/2023

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2018-13400

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: CVE-2018-13387

Vulnerability Information

CPE: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Exploit Ease: No known exploits are available

Patch Publication Date: 12/3/2018

Vulnerability Publication Date: 12/3/2018

Reference Information

CVE: CVE-2018-13387, CVE-2018-13391, CVE-2018-13395, CVE-2018-13400, CVE-2018-13401, CVE-2018-13404

BID: 107039, 105751, 105165, 104890

CWE: 200, 269, 601, 79, 918

OWASP: 2010-A10, 2010-A2, 2010-A4, 2010-A6, 2013-A10, 2013-A3, 2013-A4, 2013-A5, 2013-A9, 2017-A5, 2017-A6, 2017-A7, 2017-A9, 2021-A1, 2021-A10, 2021-A3, 2021-A4, 2021-A6

WASC: Application Misconfiguration, Cross-Site Scripting, Information Leakage, Insufficient Authorization, URL Redirector Abuse

CAPEC: 116, 122, 13, 169, 209, 22, 224, 233, 285, 287, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 312, 313, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 472, 497, 508, 573, 574, 575, 576, 577, 58, 588, 59, 591, 592, 60, 616, 63, 643, 646, 651, 79, 85

DISA STIG: APSC-DV-000460, APSC-DV-000500, APSC-DV-002490, APSC-DV-002560, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2), 164.312(a)(1), 164.312(a)(2)(i)

ISO: 27001-A.13.1.1, 27001-A.14.1.2, 27001-A.14.1.3, 27001-A.14.2.5, 27001-A.18.1.3, 27001-A.6.2.2, 27001-A.9.1.2, 27001-A.9.4.1, 27001-A.9.4.4, 27001-A.9.4.5

NIST: sp800_53-AC-3, sp800_53-CM-6b, sp800_53-SI-10, sp800_53-SI-15

OWASP API: 2019-API7, 2023-API7, 2023-API8

OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.1.5, 4.0.2-5.2.6, 4.0.2-5.3.3, 4.0.2-8.3.4

PCI-DSS: 3.2-6.2, 3.2-6.5.7, 3.2-6.5.8, 3.2-6.5.9