Every time I open our hosted JIRA page (clioonline.atlassian.net), my virusscanner tells me that a file infected with CVE-2015-2488 is quarantined. I've scanned my system rigorously, with multiple tools, to no avail - the warning keeps popping up when the JIRA page is opened. No other page, I've opened, is giving me that warning.
Are you possibly infected with this exploit?
That's almost certainly something on your machine, not the JIRA website. All JIRA hands to your browser is images and html. If there is something bad in an image, then you uploaded it!
Also, the number refers to security issues in Internet Explorer, not a general attack on any technology used in JIRA.
I would encourage you to contact support.atlassian.com and provide the following details:
(1) What browser are you using?
(2) What operating system?
(3) What antivirus?
At present, that CVE (CVE-2015-2488) is marked as reserved pending release of details of any possible issue with an unknown software. I know of no vulnerability in our current systems, but will keep my ears out.
There is something off with his login page.. In the html i see base64 encoded payloads (an "image"), search for:
Dont have time do debase it, but it's not common practice to create a "background" picture (8.9kb) which is encoded like this.You normally just link to the image in the css.
Some developer at Atlassian might want to correct me on this?
Normally I would agree, but this happens only when I open an Atlassian hosted page, even these support pages - not on any other page, I've tried. And it happens as soon as the login page, so before I even get to any of our content.
I've checked multiple times - as soon as I open an Atlassian hosted page, a randomly named file is being quarantined. And this is from Firefox and Chrome. I hardly use IE at all.
In that case, your virus checker is broken. No-one else is reporting this, and the virus checker is reporting a reference that is a) not released and b) reserved for an IE security issue - so it's a wrong number whatever the cause. There is something on your machine that's given it a false lead or it's detecting incorrectly.
This morning our server-side sys admin contacted me to report that his virus scanner had posted several messages like this:
application-data/jira/tmp/webresources/697.cachedfile!(0): Html.Exploit.CVE_2015_2488 FOUND
This doesn't sound like the same issue you are having, mainly because you receive the warning before logging in, but it may be something to check at the server anyway. I am not sure what JIRA uses those cache file for. In our case I've asked the sys admin to zip the files and delete them from the server.
Did this issue ever get figured out? We have a user who receives this message whenever he logs onto another companies instance of JIRA or Confluence, but not on our own. I am investigating the issue for him, so any information would be great.
Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs