CVSS2: 9 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
AI Score: 7.5 High (Confidence: High)
EPSS: 0.024 Low (Percentile: 90.0%)
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
jira.atlassian.com/browse/JRA-20995
jira.atlassian.com/browse/JRA-21004
secunia.com/advisories/39353
www.openwall.com/lists/oss-security/2010/04/16/3
www.openwall.com/lists/oss-security/2010/04/16/4
www.securityfocus.com/bid/39485
exchange.xforce.ibmcloud.com/vulnerabilities/57828