CVE-2017-18101
First published: Tue Apr 10 2018(Updated: )
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <7.6.5 | |
| Atlassian Jira Server | >=7.7.0<7.7.3 | |
| Atlassian Jira Server | >=7.8.0<7.8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/7.7.0
- version/atlassian jira server/7.8.0