Clarification of term "web interface" and actions.

Ken Morford September 26, 2016

This question is in reference to Atlassian Documentation: JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21

  1. In regards to the method of attack - it states that an attacker only needs access to the JIRA web interface. Can you further qualify? Would this include the external login page or would need to be an authenticated user? 
  2. Has there been any evidence of exploitation for Cloud customer instances and what kind of actions are being taken to determine if this vulnerability has been exploited during the period of exposure between versions: 6.4.8 <= version < 7.0.11?

Thanks!

 

1 answer

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

0 votes
Answer accepted
Jonas Andersson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 27, 2016
  1. The userinterface is all of it, don't think it matters if they are authenticated or not. You would have to raise a request with support to get details, if you are not lucky enough to run into the person that discovered the bug here in the user forum.
  2. Atlassian isn't very open with this, and seeing how poor the audit logs are, i doubt they were looking for it. If they did look into it, and did find anything i doubt they would mention it. Once more, if you have security concerns for your own instance, they might be able to look into it. I assume they front-end their cloud stack with a rewrite proxy, so they might actually have logs they can look into if you suspect you were a victim. Once more, User forums, and we don't have many more answers than you.
TAGS
AUG Leaders

Atlassian Community Events