CVE-2017-5983
First published: Mon Apr 10 2017(Updated: )
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | =4.2.4 | |
| Atlassian JIRA | =4.3 | |
| Atlassian JIRA | =4.3.1 | |
| Atlassian JIRA | =4.3.2 | |
| Atlassian JIRA | =4.3.3 | |
| Atlassian JIRA | =4.3.4 | |
| Atlassian JIRA | =4.4 | |
| Atlassian JIRA | =4.4.1 | |
| Atlassian JIRA | =4.4.2 | |
| Atlassian JIRA | =4.4.3 | |
| Atlassian JIRA | =4.4.4 | |
| Atlassian JIRA | =4.4.5 | |
| Atlassian JIRA | =5.0 | |
| Atlassian JIRA | =5.0.1 | |
| Atlassian JIRA | =5.0.2 | |
| Atlassian JIRA | =5.0.3 | |
| Atlassian JIRA | =5.0.4 | |
| Atlassian JIRA | =5.0.5 | |
| Atlassian JIRA | =5.0.7 | |
| Atlassian JIRA | =5.1 | |
| Atlassian JIRA | =5.1.1 | |
| Atlassian JIRA | =5.1.2 | |
| Atlassian JIRA | =5.1.3 | |
| Atlassian JIRA | =5.1.4 | |
| Atlassian JIRA | =5.1.5 | |
| Atlassian JIRA | =5.1.6 | |
| Atlassian JIRA | =5.1.7 | |
| Atlassian JIRA | =5.1.8 | |
| Atlassian JIRA | =5.2 | |
| Atlassian JIRA | =5.2.1 | |
| Atlassian JIRA | =5.2.2 | |
| Atlassian JIRA | =5.2.3 | |
| Atlassian JIRA | =5.2.4 | |
| Atlassian JIRA | =5.2.5 | |
| Atlassian JIRA | =5.2.6 | |
| Atlassian JIRA | =5.2.7 | |
| Atlassian JIRA | =5.2.8 | |
| Atlassian JIRA | =5.2.9 | |
| Atlassian JIRA | =5.2.10 | |
| Atlassian JIRA | =5.2.11 | |
| Atlassian JIRA | =6.0 | |
| Atlassian JIRA | =6.0.1 | |
| Atlassian JIRA | =6.0.2 | |
| Atlassian JIRA | =6.0.3 | |
| Atlassian JIRA | =6.0.4 | |
| Atlassian JIRA | =6.0.5 | |
| Atlassian JIRA | =6.0.7 | |
| Atlassian JIRA | =6.0.8 | |
| Atlassian JIRA | =6.1 | |
| Atlassian JIRA | =6.1.1 | |
| Atlassian JIRA | =6.1.2 | |
| Atlassian JIRA | =6.1.3 | |
| Atlassian JIRA | =6.1.4 | |
| Atlassian JIRA | =6.1.5 | |
| Atlassian JIRA | =6.1.6 | |
| Atlassian JIRA | =6.1.7 | |
| Atlassian JIRA | =6.1.8 | |
| Atlassian JIRA | =6.1.9 | |
| Atlassian JIRA | =6.2 | |
| Atlassian JIRA | =6.2.1 | |
| Atlassian JIRA | =6.2.2 | |
| Atlassian JIRA | =6.2.3 | |
| Atlassian JIRA | =6.2.4 | |
| Atlassian JIRA | =6.2.5 | |
| Atlassian JIRA | =6.2.6 | |
| Atlassian JIRA | =6.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-5983?
CVE-2017-5983 is considered a critical vulnerability due to its potential for remote code execution.
How can I fix CVE-2017-5983?
To fix CVE-2017-5983, upgrade Atlassian JIRA to version 6.3.0 or later.
What types of attacks can exploit CVE-2017-5983?
CVE-2017-5983 can be exploited to execute arbitrary code, read files, or cause denial of service.
Which versions of Atlassian JIRA are affected by CVE-2017-5983?
CVE-2017-5983 affects Atlassian JIRA versions prior to 6.3.0.
Is CVE-2017-5983 being actively exploited?
Yes, there have been reports of active exploitation of CVE-2017-5983 in the wild.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/atlassian
- canonical/atlassian jira
- version/atlassian jira/4.2.4
- version/atlassian jira/4.3
- version/atlassian jira/4.3.1
- version/atlassian jira/4.3.2
- version/atlassian jira/4.3.3
- version/atlassian jira/4.3.4
- version/atlassian jira/4.4
- version/atlassian jira/4.4.1
- version/atlassian jira/4.4.2
- version/atlassian jira/4.4.3
- version/atlassian jira/4.4.4
- version/atlassian jira/4.4.5
- version/atlassian jira/5.0
- version/atlassian jira/5.0.1
- version/atlassian jira/5.0.2
- version/atlassian jira/5.0.3
- version/atlassian jira/5.0.4
- version/atlassian jira/5.0.5
- version/atlassian jira/5.0.7
- version/atlassian jira/5.1
- version/atlassian jira/5.1.1
- version/atlassian jira/5.1.2
- version/atlassian jira/5.1.3
- version/atlassian jira/5.1.4
- version/atlassian jira/5.1.5
- version/atlassian jira/5.1.6
- version/atlassian jira/5.1.7
- version/atlassian jira/5.1.8
- version/atlassian jira/5.2
- version/atlassian jira/5.2.1
- version/atlassian jira/5.2.2
- version/atlassian jira/5.2.3
- version/atlassian jira/5.2.4
- version/atlassian jira/5.2.5
- version/atlassian jira/5.2.6
- version/atlassian jira/5.2.7
- version/atlassian jira/5.2.8
- version/atlassian jira/5.2.9
- version/atlassian jira/5.2.10
- version/atlassian jira/5.2.11
- version/atlassian jira/6.0
- version/atlassian jira/6.0.1
- version/atlassian jira/6.0.2
- version/atlassian jira/6.0.3
- version/atlassian jira/6.0.4
- version/atlassian jira/6.0.5
- version/atlassian jira/6.0.7
- version/atlassian jira/6.0.8
- version/atlassian jira/6.1
- version/atlassian jira/6.1.1
- version/atlassian jira/6.1.2
- version/atlassian jira/6.1.3
- version/atlassian jira/6.1.4
- version/atlassian jira/6.1.5
- version/atlassian jira/6.1.6
- version/atlassian jira/6.1.7
- version/atlassian jira/6.1.8
- version/atlassian jira/6.1.9
- version/atlassian jira/6.2
- version/atlassian jira/6.2.1
- version/atlassian jira/6.2.2
- version/atlassian jira/6.2.3
- version/atlassian jira/6.2.4
- version/atlassian jira/6.2.5
- version/atlassian jira/6.2.6
- version/atlassian jira/6.2.7