Community resources
Community resources
Community resources
Jira vulnerable to CVE-2022-42252
I am not exactly sure Jira actually makes use of Tomcat though I find various libraries and would like to raise the question of Jira being vulerable to CVE-2022-42252?
https://nvd.nist.gov/vuln/detail/CVE-2022-42252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42252
find /opt/atlassian/ -name "{*}tomcat{*}"
/opt/atlassian/jira/atlassian-jira/WEB-INF/classes/com/atlassian/jira/util/tomcat
/opt/atlassian/jira/conf/tomcat-users.xsd
/opt/atlassian/jira/conf/tomcat-users.xml
/opt/atlassian/jira/lib/tomcat-i18n-ja.jar
/opt/atlassian/jira/lib/tomcat-i18n-fr.jar
/opt/atlassian/jira/lib/tomcat-i18n-ko.jar
/opt/atlassian/jira/lib/tomcat-jdbc.jar
/opt/atlassian/jira/lib/tomcat-util-scan.jar
/opt/atlassian/jira/lib/tomcat-api.jar
/opt/atlassian/jira/lib/tomcat-i18n-zh-CN.jar
/opt/atlassian/jira/lib/tomcat-jni.jar
/opt/atlassian/jira/lib/tomcat-util.jar
/opt/atlassian/jira/lib/tomcat-coyote.jar
/opt/atlassian/jira/lib/tomcat-i18n-de.jar
/opt/atlassian/jira/lib/tomcat-i18n-es.jar
/opt/atlassian/jira/lib/tomcat-i18n-ru.jar
/opt/atlassian/jira/lib/tomcat-dbcp.jar
/opt/atlassian/jira/lib/tomcat-websocket.jar
/opt/atlassian/jira/bin/tomcat-juli.jar
/opt/atlassian/jira/bin/tomcat8.exe.x64
/opt/atlassian/jira/bin/tomcat8.exe.x64.exe
/opt/atlassian/jira/bin/tomcat8w.exe
/opt/atlassian/jira/bin/tomcat8.exe
/opt/atlassian/jira/tomcat-docs
/opt/atlassian/jira/licenses/tomcat-7.txt
grep "Apache Tomcat Version" /opt/atlassian/jira/tomcat-docs/RELEASE-NOTES
Apache Tomcat Version 8.5.78