Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.JIRA_9_6_0_JRASERVER-74776.NASL
HistoryMar 13, 2023 - 12:00 a.m.

Atlassian Jira < 9.6.0 (JRASERVER-74776) (deprecated)

2023-03-1300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

Atlassian has determined this vulnerability cannot be exploited, and does not impact Jira because it does not use the affected methods from Spring Framework. No action is needed by users to mitigate the threat.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# @DEPRECATED@
#
# Disabled on 2023/04/06. Advisory updated to state Jira is not affected.
##

include('compat.inc');

if (description)
{
  script_id(172500);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id("CVE-2022-22970", "CVE-2022-22971");

  script_name(english:"Atlassian Jira < 9.6.0 (JRASERVER-74776) (deprecated)");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"Atlassian has determined this vulnerability cannot be exploited, and does not impact Jira because it does 
not use the affected methods from Spring Framework. No action is needed by users to mitigate the threat.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-74776");
  script_set_attribute(attribute:"solution", value:
"n/a");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-22971");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/13");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_require_keys("installed_sw/Atlassian JIRA");

  exit(0);
}

exit(0, 'This plugin has been deprecated.');
VendorProductVersionCPE
atlassianjiracpe:/a:atlassian:jira

Related

openvas 2
atlassian 2
ibm 21
cve 2
github 2
prion 2
redhat 3
osv 4
debiancve 2
redhatcve 2
veracode 2
cnvd 2
ubuntucve 2
alpinelinux 2
nessus 5
oracle 5
openvas
openvas
VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Windows
2022-05-11 00:00:00
VMware Spring Framework < 5.2.22, 5.3.x < 5.3.20 Multiple DoS Vulnerabilities - Linux
2022-05-11 00:00:00
atlassian
atlassian
Synchrony Proxy: spring-beans 5.3.19 is vulnerable to CVE-2022-22970
2022-09-14 06:31:26
Jira Server/DC impacted by CVE-2022-22970 & CVE-2022-22971 via vulnerable version of Spring framework
2023-02-03 05:50:39
ibm
ibm
Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)
2022-07-25 07:50:01
Security Bulletin: Multiple VMWare Tanzu Spring Vulerabilities Affects IBM OpenPages with Watson (CVE-2022-22968, CVE-2022-22970, CVE-2022-22971)
2023-07-28 16:48:32
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework
2022-06-29 02:18:33
cve
cve
CVE-2022-22971
2022-05-12 20:15:00
CVE-2022-22970
2022-05-12 20:15:00
github
github
Allocation of Resources Without Limits or Throttling in Spring Framework
2022-05-13 00:00:29
Denial of service in Spring Framework
2022-05-13 00:00:28
prion
prion
Design/Logic Flaw
2022-05-12 20:15:00
Design/Logic Flaw
2022-05-12 20:15:00
redhat
redhat
(RHSA-2023:1661) Important: Red Hat AMQ Broker 7.11.0 release and security update
2023-04-05 13:22:07
(RHSA-2023:3185) Important: Red Hat AMQ Broker 7.10.3 release and security update
2023-05-17 13:55:59
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35
osv
osv
Allocation of Resources Without Limits or Throttling in Spring Framework
2022-05-13 00:00:29
Denial of service in Spring Framework
2022-05-13 00:00:28
CVE-2022-22970
2022-05-12 20:15:15
debiancve
debiancve
CVE-2022-22971
2022-05-12 20:15:00
CVE-2022-22970
2022-05-12 20:15:00
redhatcve
redhatcve
CVE-2022-22971
2022-05-18 17:34:35
CVE-2022-22970
2022-05-18 17:34:33
veracode
veracode
Denial Of Service (DoS)
2022-05-13 07:20:06
Denial Of Service (DoS)
2022-05-13 03:46:21
cnvd
cnvd
Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)
2022-05-13 00:00:00
Spring Framework Denial of Service Vulnerability
2022-05-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-22971
2022-05-12 00:00:00
CVE-2022-22970
2022-05-12 00:00:00
alpinelinux
alpinelinux
CVE-2022-22971
2022-05-12 20:15:00
CVE-2022-22970
2022-05-12 20:15:00
nessus
nessus
Oracle MySQL Enterprise Monitor (Jan 2023 CPU)
2023-01-20 00:00:00
Oracle WebLogic Server 14.1.1 < 14.1.1.0.221010 (Oct 2022 CPU)
2022-10-20 00:00:00
Oracle WebLogic Server (Oct 2022 CPU)
2022-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
JSON
Related for JIRA_9_6_0_JRASERVER-74776.NASL
openvas2atlassian2ibm21cve2github2prion2redhat3osv4debiancve2redhatcve2veracode2cnvd2ubuntucve2alpinelinux2nessus5oracle5