Every time I open our hosted JIRA page (clioonline.atlassian.net), my virusscanner tells me that a file infected with CVE-2015-2488 is quarantined. I've scanned my system rigorously, with multiple tools, to no avail - the warning keeps popping up when the JIRA page is opened. No other page, I've opened, is giving me that warning.
Are you possibly infected with this exploit?
That's almost certainly something on your machine, not the JIRA website. All JIRA hands to your browser is images and html. If there is something bad in an image, then you uploaded it!
Also, the number refers to security issues in Internet Explorer, not a general attack on any technology used in JIRA.
I would encourage you to contact support.atlassian.com and provide the following details:
(1) What browser are you using?
(2) What operating system?
(3) What antivirus?
At present, that CVE (CVE-2015-2488) is marked as reserved pending release of details of any possible issue with an unknown software. I know of no vulnerability in our current systems, but will keep my ears out.
There is something off with his login page.. In the html i see base64 encoded payloads (an "image"), search for:
Dont have time do debase it, but it's not common practice to create a "background" picture (8.9kb) which is encoded like this.You normally just link to the image in the css.
Some developer at Atlassian might want to correct me on this?
Normally I would agree, but this happens only when I open an Atlassian hosted page, even these support pages - not on any other page, I've tried. And it happens as soon as the login page, so before I even get to any of our content.
I've checked multiple times - as soon as I open an Atlassian hosted page, a randomly named file is being quarantined. And this is from Firefox and Chrome. I hardly use IE at all.
In that case, your virus checker is broken. No-one else is reporting this, and the virus checker is reporting a reference that is a) not released and b) reserved for an IE security issue - so it's a wrong number whatever the cause. There is something on your machine that's given it a false lead or it's detecting incorrectly.
This morning our server-side sys admin contacted me to report that his virus scanner had posted several messages like this:
application-data/jira/tmp/webresources/697.cachedfile!(0): Html.Exploit.CVE_2015_2488 FOUND
This doesn't sound like the same issue you are having, mainly because you receive the warning before logging in, but it may be something to check at the server anyway. I am not sure what JIRA uses those cache file for. In our case I've asked the sys admin to zip the files and delete them from the server.
Did this issue ever get figured out? We have a user who receives this message whenever he logs onto another companies instance of JIRA or Confluence, but not on our own. I am investigating the issue for him, so any information would be great.
Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot