Description
This advisory details critical security vulnerabilities that we have found in JIRA and fixed in recent versions of JIRA. These vulnerabilities affect all versions of JIRA up to and including 5.0.6.
- Issue 1: Privilege escalation vulnerability
- Issue 2: XSS Vulnerabilities
- Issue 3: XSRF Vulnerability
- Issue 4: Open Redirect Vulnerabilities
Remediation
Customers who have downloaded and installed JIRA should upgrade their existing JIRA installations or apply the patches to fix these vulnerabilities.
References
Related Vulnerabilities
WordPress Plugin CM Ad Changer Multiple Cross-Site Scripting Vulnerabilities (1.7.2)
CKEditor 4.0.1 cross-site scripting vulnerability
WordPress Plugin Error Log Viewer by BestWebSoft Cross-Site Scripting (1.0.5)
WordPress Plugin Comment Attachment Cross-Site Scripting (1.5.5)
WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)