We have received the below vulnerabilities in the JIRA application. Could you please help with this?
Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70814)
Atlassian Jira Server and Data Center Multiple Vulnerabilities (JRASERVER-70883, JRASERVER-70882, JRASERVER-70881)
Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70808)
Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70813)
Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70858)
Atlassian Jira Server and Data Center Information Disclosure Vulnerability (JRASERVER-70942)
Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability (JRASERVER-71184)
Hi @kirubakaran
I see that you are using Jira 7.13.0 and have concerns about those security issues noted in those tickets. Nic is correct, you will need to upgrade Jira to a version at or above those listed fix versions in each of those bug tickets in order to prevent these vulnerabilities being exploited in Jira.
I looked at the fix versions of each of those bugs and right now I would recommend installing the latest 8.13.x version, as this is the current Enterprise release version. As of today that would be 8.13.1. There might be other acceptable versions that contain all these fixes, however this being an enterprise release means it is far more likely to keep getting critical bug fixes throughout its two-year life-span as outlined in our Support End of Life policy.
If you have not upgraded Jira before, I would recommend walking through our guide in Upgrading Jira applications for reference.
Let me know if you have any questions or concerns here.
Andy
You'll want to upgrade to a version that these have all been fixed in.