Community
Products
Jira
Questions
Apache Struts vulnerability CVE-2020-17530

Apache Struts vulnerability CVE-2020-17530

I have Apache Struts2 vulnerability CVE-2020-17530, is Jira 7.13.18 unaffected?

2 answers

2 accepted

1 vote

Answer accepted

I previously posed the question to support and the response I received:

"As described in this old Jira bug JRASERVER-66491 (not directly related to CVE-2020-17530, but it contains the information about Struts.), Atlassian Jira does not use Apache Struts 2.

Therefore, we can confirm that vulnerability CVE-2020-17530 does not affect Jira 8.5.5."

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

Answer accepted

All I can tell you is that

https://www.cvedetails.com/vulnerability-list/vendor_id-3578/product_id-8170/Atlassian-Jira.html

doesn't include that vulnerability at all in the list. There's nothing there from 2020 though.

Maybe someone more security-savy can tell you more but regardless this seems a great question to ask directly to Atlassian rather than to the community. Who better than them to give you a official answer as oposed to an opinion? https://support.atlassian.com/contact/#/

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Apache Struts vulnerability CVE-2020-17530

2 answers

2 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events