CVE-2017-18101

Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

History

22 Apr 2022, 20:40

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/103730 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/103730 - Broken Link

25 Mar 2022, 17:22

Type Values Removed Values Added
First Time Atlassian jira Server
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Information

Published : 2018-04-10 13:29

Updated : 2022-04-22 20:40


NVD link : CVE-2017-18101

Mitre link : CVE-2017-18101


JSON object : View

Products Affected

atlassian

  • jira
  • jira_server
CWE
CWE-862

Missing Authorization