Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103730 | Broken Link |
https://jira.atlassian.com/browse/JRASERVER-67107 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Apr 2022, 20:40
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/103730 - Broken Link |
25 Mar 2022, 17:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
Information
Published : 2018-04-10 13:29
Updated : 2023-12-10 12:30
NVD link : CVE-2017-18101
Mitre link : CVE-2017-18101
CVE.ORG link : CVE-2017-18101
JSON object : View
Products Affected
atlassian
- jira
- jira_server