Atlassian Jira Server and Data Center Denial of service Vulnerability (JRASERVER-71197, JRASERVER-71

We have received the below vulnerabilities in the JIRA application. Could you please help with this?

 

Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70814)

Atlassian Jira Server and Data Center Multiple Vulnerabilities (JRASERVER-70883, JRASERVER-70882, JRASERVER-70881)

Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70808)

Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70813)

Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70858)

Atlassian Jira Server and Data Center Information Disclosure Vulnerability (JRASERVER-70942)

Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability (JRASERVER-71184)

 

2 answers

0 votes

You'll want to upgrade to a version that these have all been fixed in.

0 votes
Andy Heinzer Atlassian Team Nov 16, 2020

Hi @kirubakaran 

I see that you are using Jira 7.13.0 and have concerns about those security issues noted in those tickets. Nic is correct, you will need to upgrade Jira to a version at or above those listed fix versions in each of those bug tickets in order to prevent these vulnerabilities being exploited in Jira.

I looked at the fix versions of each of those bugs and right now I would recommend installing the latest 8.13.x version, as this is the current Enterprise release version. As of today that would be 8.13.1. There might be other acceptable versions that contain all these fixes; however, this being an enterprise release means it is far more likely to keep getting critical bug fixes throughout its two-year life-span as outlined in our Support End of Life policy.

If you have not upgraded Jira before, I would recommend walking through our guide in Upgrading Jira applications for reference.

Let me know if you have any questions or concerns here.

Andy

DEPLOYMENT TYPE
SERVER
VERSION
7.13.0