JIRA Security Advisory 2012-08-28 - Vulnerability Database

JIRA Security Advisory 2012-08-28

Description

Multiple critical security vulnerabilities have been identified in Atlassian JIRA versions up to and including 5.0.6. This advisory addresses four distinct vulnerability classes: a privilege escalation flaw that allows unauthorized elevation of user permissions, multiple cross-site scripting (XSS) vulnerabilities enabling injection of malicious scripts, a cross-site request forgery (XSRF/CSRF) vulnerability that permits unauthorized actions on behalf of authenticated users, and open redirect vulnerabilities that can be exploited for phishing attacks. All JIRA installations running version 5.0.6 or earlier are affected and require immediate remediation.

Remediation

Take the following steps to remediate these vulnerabilities:

1. Upgrade JIRA immediately: Update to JIRA version 5.0.7 or later, which contains fixes for all identified vulnerabilities. Download the latest version from the official Atlassian website.

2. For environments where immediate upgrade is not possible: Apply the security patches provided by Atlassian for your specific JIRA version. Patch files and installation instructions are available in the security advisory referenced below.

3. Post-upgrade verification:

  • Review user permissions and roles to identify any unauthorized privilege escalations that may have occurred
  • Audit recent administrative actions and configuration changes for suspicious activity
  • Review application logs for evidence of exploitation attempts
  • Force password resets for administrative accounts if compromise is suspected

4. Additional security measures: Implement Content Security Policy (CSP) headers and ensure JIRA is only accessible over HTTPS to mitigate future XSS and CSRF risks.

Consult the official JIRA Security Advisory 2012-08-28 for detailed patch installation procedures and version-specific guidance.
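The following script is an added example for the remediation steps above (step 1, confirming the running version is no longer in the affected range, and step 4, confirming the hardening headers are in place); it is not code from Atlassian, Invicti or the advisory. It assumes the version string is read from the JSON that JIRA's /rest/api/2/serverInfo endpoint returns, and it treats a Strict-Transport-Security header plus a Secure-flagged JSESSIONID cookie as the observable signs of an HTTPS-only deployment; both are the example's assumptions, and all sample responses are constructed.

```python
"""Post-remediation checks for the JIRA Security Advisory 2012-08-28 summary.

Two offline checks:
  1. Is the reported JIRA version still inside the affected range (<= 5.0.6)?
  2. Does an HTTP response carry the step-4 hardening (CSP header, HTTPS-only
     signalled by HSTS and a Secure session cookie)?

ASSUMPTION: the version string is the "version" field of JIRA's
/rest/api/2/serverInfo JSON; the sample response below is constructed.
"""
import json
import re
from typing import Dict, List, Tuple

FIXED_VERSION = (5, 0, 7)  # first version the advisory names as fixed


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.0.6' or '5.0.6-b01' into a comparable tuple such as (5, 0, 6)."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the version is 5.0.6 or earlier, the range this advisory covers."""
    v = parse_version(version)
    v = v + (0,) * (len(FIXED_VERSION) - len(v))  # so (5, 0) compares like (5, 0, 0)
    return v < FIXED_VERSION


def version_from_server_info(raw_json: str) -> str:
    """Extract the 'version' field from a serverInfo JSON document."""
    return json.loads(raw_json)["version"]


# Headers a hardened deployment (step 4) should send; names compared case-insensitively.
REQUIRED_HEADERS = ("content-security-policy", "strict-transport-security")


def missing_hardening(headers: Dict[str, str], cookies: List[str]) -> List[str]:
    """Report which step-4 mitigations are absent from a response.

    headers: response header name -> value
    cookies: raw Set-Cookie header values
    """
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in REQUIRED_HEADERS:
        if name not in lower:
            findings.append(f"missing header: {name}")
    # A session cookie without the Secure flag can still travel over plain HTTP.
    for c in cookies:
        attrs = [a.strip().lower() for a in c.split(";")]
        if attrs and attrs[0].startswith("jsessionid=") and "secure" not in attrs:
            findings.append("JSESSIONID cookie lacks the Secure flag")
    return findings


# --- constructed sample data (not captured from a real server) ---------------
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.internal",
    "version": "5.0.6",
    "buildNumber": 0,  # placeholder, not a real build number
})

SAMPLE_HEADERS_BEFORE = {"Content-Type": "text/html;charset=UTF-8"}
SAMPLE_COOKIES_BEFORE = ["JSESSIONID=abc123; Path=/; HttpOnly"]

SAMPLE_HEADERS_AFTER = {
    "Content-Type": "text/html;charset=UTF-8",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000",
}
SAMPLE_COOKIES_AFTER = ["JSESSIONID=abc123; Path=/; Secure; HttpOnly"]

if __name__ == "__main__":
    v = version_from_server_info(SAMPLE_SERVER_INFO)
    state = "AFFECTED, upgrade to 5.0.7 or later" if is_affected(v) else "not in affected range"
    print(f"JIRA {v}: {state}")
    print("before hardening:", missing_hardening(SAMPLE_HEADERS_BEFORE, SAMPLE_COOKIES_BEFORE))
    print("after hardening: ", missing_hardening(SAMPLE_HEADERS_AFTER, SAMPLE_COOKIES_AFTER))
```

To run it against a live instance, replace the constructed samples with the body of a GET to /rest/api/2/serverInfo and the headers of any authenticated page; the version comparison pads short strings so "5.0" is treated as 5.0.0, and a "-b01" build suffix is ignored.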