
Atlassian JIRA < 4.1.2 Multiple Vulnerabilities

Medium

Synopsis

The remote web server hosts an application that is vulnerable to multiple attack vectors.

Description

Atlassian JIRA, a web-based application for bug tracking, issue tracking, and project management, is installed on the remote web server. Versions of JIRA earlier than 4.1.2 are potentially affected by multiple vulnerabilities:

- Multiple cross-site scripting vulnerabilities in URL query strings.
- JIRA standalone fails to properly protect sensitive cookie data with the 'HTTPOnly' protection mechanism.
- Users without the 'JIRA Users' permission can log in via Crowd single sign-on.
- A cross-site request forgery in the 'logout' action.
- Multiple vulnerabilities in the FishEye plugin.
- A security vulnerability in the Bamboo plugin.

Solution

Upgrade to Atlassian JIRA 4.1.2 or later.