How to fix this bug CVE-2016-1000031

China infrastructure March 20, 2019

2 answers

0 votes
China infrastructure March 21, 2019

Hi Daniel,

Will this risk affect JIRA and Confluence?

Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 21, 2019

Jira and Confluence are not affected at all by this CVE. Cheers!

China infrastructure March 24, 2019

Hi Daniel,

Thank you for your reply. Jira and Confluence are installed on our server. Can we fix this risk item? Are there any links to fixes? Thank you.

Daniel Eads
Atlassian Team
March 25, 2019

There is no risk item for Jira and Confluence. The CVE only affects Fisheye and Crucible, which are not part of Jira or Confluence.

If you do not have Fisheye or Crucible installed (these are separate applications entirely), you do not need to take any action.

0 votes
Daniel Eads
Atlassian Team
March 21, 2019

Hey there,

According to our issue tracker, Atlassian Fisheye and Atlassian Crucible contained vulnerable versions of the Apache Commons FileUpload library noted in CVE-2016-1000031. However, our implementation of these libraries did not use the DiskFileItem class which was the attack vector in this advisory. Despite that, Fisheye and Crucible 4.7.0 now contain a patched version of the library.

Cheers,
Daniel
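
An added example (not from this thread or from Atlassian) for inventorying bundled copies of the library the answer above refers to: it flags jars that contain the DiskFileItem class and report a version below 1.3.3, the Commons FileUpload release that addresses CVE-2016-1000031. The function names and the sample jar are constructed for illustration, and reading `Implementation-Version` from the jar manifest is an assumption about how the jar was built.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 3, 3)  # first commons-fileupload release that addresses CVE-2016-1000031
DISK_FILE_ITEM = "org/apache/commons/fileupload/disk/DiskFileItem.class"

def parse_version(text):
    """Turn '1.3.2' or 'commons-fileupload-1.3.2.jar' into (1, 3, 2)."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def classify(jar_path):
    """None for jars without DiskFileItem, else 'vulnerable', 'patched' or 'unknown'."""
    with zipfile.ZipFile(jar_path) as jar:
        names = jar.namelist()
        if DISK_FILE_ITEM not in names:
            return None
        manifest = (jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    if "META-INF/MANIFEST.MF" in names else "")
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.MULTILINE)
    version = parse_version(m.group(1) if m else Path(jar_path).name)  # manifest first
    if version is None:
        return "unknown"
    return "vulnerable" if version < FIXED else "patched"

def scan(root):
    """Map each jar under root that bundles DiskFileItem to its classification."""
    root, results = Path(root), {}
    for path in sorted(root.rglob("*.jar")):
        try:
            status = classify(path)
        except zipfile.BadZipFile:
            continue  # unreadable archive, nothing to inspect
        if status:
            results[path.relative_to(root).as_posix()] = status
    return results

def make_sample_jar(path, manifest_version=None):
    """Constructed input for the demo: a minimal stand-in, not a real library build."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(DISK_FILE_ITEM, b"")
        if manifest_version:
            jar.writestr("META-INF/MANIFEST.MF", f"Implementation-Version: {manifest_version}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_sample_jar(Path(d, "commons-fileupload-1.3.2.jar"))
        print(scan(d))
```

Point `scan()` at an installation's library directory. Jars nested inside WAR or other archives are not opened, and a hit shows only that the library is present, not that the application reaches DiskFileItem.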
