SQL Injection in Jira Software Server [Integration for HipChat]

Type atlassian
Reporter security-metrics-bot
Modified 2021-01-06T06:43:58


Affected versions of Jira Server have a SQL injection vulnerability that has now been fixed by removing the vulnerable HipChat integration plugin.

Affected versions: * versions < 8.14.0

Fixed versions: * 8.14.0

The plugin is no longer installed in new versions of Jira. However, the removal of the plugin was not back-ported to an LTS release. Therefore, as a workaround, we recommend disabling the plugin.