Does CVE-2018-10054 still apply to affected JSM installations that DO NOT have Insight installed?
This vuln actually affects the H2 database that ships with Jira. Affected versions of Insight allow it to be exploited, but it's best to assume that there could be other attack vectors as well. My recommendation would be to follow the Mitigation steps in the announcement even if you don't intend to use Insight. Of course, this means you need to use a production-grade database and migrate off of H2. H2 serves no useful purpose if you are using a supported database, so you should remove it.