JIRA Security Advisory 2017-03-09: JIRA Server - XXE/Deserialization in JIRA Workflow Designer Plugin

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: Mar 9, 2017
Added: Mar 20, 2017
Modified: Oct 30, 2017

Description

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Solution

atlassian-jira-upgrade-6_3_0