Atlassian Jira Server and Data Center Denial of service Vulnerability (JRASERVER-71197, JRASERVER-71

kirubakaran November 9, 2020

We have received the below vulnerabilities in the JIRA application. Could you please help with this?

 

Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70814)

Atlassian Jira Server and Data Center Multiple Vulnerabilities (JRASERVER-70883, JRASERVER-70882, JRASERVER-70881)

Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70808)

Atlassian Jira Server and Data Center Denial of Service Vulnerability (JRASERVER-70813)

Atlassian Jira Server and Data Center Cross Site Scripting Vulnerability (JRASERVER-70858)

Atlassian Jira Server and Data Center Information Disclosure Vulnerability (JRASERVER-70942)

Atlassian Jira Server and Data Center Cross-Site Scripting Vulnerability (JRASERVER-71184)

 

2 answers

0 votes
Andy Heinzer
Atlassian Team
November 16, 2020

Hi @kirubakaran 

I see that you are using Jira 7.13.0 and have concerns about those security issues noted in those tickets. Nic is correct, you will need to upgrade Jira to a version at or above those listed fix versions in each of those bug tickets in order to prevent these vulnerabilities being exploited in Jira.

I looked at the fix versions of each of those bugs and right now I would recommend installing the latest 8.13.x version, as this is the current Enterprise release version. As of today that would be 8.13.1. There might be other acceptable versions that contain all these fixes; however, this being an enterprise release means it is far more likely to keep getting critical bug fixes throughout its two-year life-span as outlined in our Support End of Life policy.

If you have not upgraded Jira before, I would recommend walking through our guide in Upgrading Jira applications for reference.

Let me know if you have any questions or concerns here.

Andy

0 votes
Nic Brough -Adaptavist-
Community Leader
November 10, 2020

You'll want to upgrade to a version that these have all been fixed in.

Deployment type: Server
Version: 7.13.0