XML Vulnerability in JIRA

2012-03-30T03:47:02
ID ATLASSIAN:JRASERVER-27719
Type atlassian
Reporter alui
Modified 2019-03-28T00:05:53

Description

We have identified and fixed a vulnerability in JIRA that results from the way third-party XML parsers are used in JIRA. This vulnerability allows an attacker who is an authenticated JIRA user to execute denial of service attacks against the JIRA server.

All versions of JIRA up to and including 5.0.0 are affected.

Full details of the severity, risks and vulnerability can be found in the [JIRA Security Advisory 2012-05-17|http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17].