JIRA Security Advisory 2014-02-26
Description
This security advisory addresses three critical vulnerabilities discovered in JIRA versions up to and including 6.1.3. The vulnerabilities include two path traversal issues affecting Windows installations (in the Issue Collector and Importers plugins) and one privilege escalation vulnerability affecting all platforms. These flaws could allow attackers to access files without authorization or elevate their permissions within the JIRA system.
Remediation
Immediately upgrade your JIRA installation to version 6.1.4 or later, which contains fixes for all three vulnerabilities. Follow these steps:
1. Back up your JIRA instance: Create a complete backup of your JIRA database and installation directory before proceeding.
2. Review the upgrade path: Consult the official Atlassian upgrade documentation to determine the appropriate upgrade path for your current version.
3. Perform the upgrade: Download the latest JIRA version from the Atlassian website and follow the standard upgrade procedure for your installation type (standalone, data center, or cloud).
4. Apply patches (if upgrade is not immediately possible): If you cannot upgrade immediately, apply the security patches provided by Atlassian for your specific JIRA version.
5. Verify the fix: After upgrading or patching, verify that your JIRA version is 6.1.4 or higher by checking the system information in the administration console.
For detailed upgrade instructions and patch availability, refer to the official JIRA Security Advisory 2014-02-26 linked in the references section.
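To apply the version check in step 5 across several instances, the following added example (not part of the advisory or of Atlassian's tooling) triages an inventory against the 6.1.4 fix version and the platform scope described above. The host names, inventory layout and function names are assumptions, and the sample data is constructed.

```python
import re

FIXED = (6, 1, 4)  # first fixed release named in the advisory

def parse_version(text):
    """Parse '6.1.3' or '6.1' into a 3-tuple of ints; missing parts count as 0."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def exposure(version, os_name):
    """Return the advisory issues an instance is still exposed to.

    Tuples are compared numerically, so 6.1.10 sorts after 6.1.4
    (a plain string comparison would get this wrong).
    """
    if parse_version(version) >= FIXED:
        return []
    issues = ["privilege escalation"]  # affects all platforms
    if os_name.strip().lower().startswith("windows"):
        # Both path traversal issues affect Windows installations only.
        issues += ["path traversal (Issue Collector)",
                   "path traversal (Importers plugin)"]
    return issues

def triage(inventory):
    """Map each host to its open issues; unknown versions need a manual check."""
    report = {}
    for host, version, os_name in inventory:
        try:
            report[host] = exposure(version, os_name)
        except ValueError:
            report[host] = ["unknown version, check manually"]
    return report

# Constructed sample inventory: (host, reported version, operating system)
INVENTORY = [
    ("jira-win-01", "6.1.3", "Windows Server 2008 R2"),
    ("jira-lnx-01", "6.0.8", "Linux"),
    ("jira-lnx-02", "6.1.4", "Linux"),
    ("jira-win-02", "6.2", "Windows Server 2012"),
    ("jira-old", "unknown", "Linux"),
]

if __name__ == "__main__":
    for host, issues in triage(INVENTORY).items():
        print(f"{host}: {', '.join(issues) or 'fixed'}")
```

A version number alone cannot show whether an instance below 6.1.4 received the interim patches from step 4, so hosts flagged here that were patched rather than upgraded need to be confirmed separately.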