Hi @Sasi Venugopal , welcome to the Community!
For this particular vulnerability, the severity is not based on an assumption of network access. Due to the way the unicode bidirectional characters are handled in various systems, including Jira before the patch, it would be possible for someone to trick a user into copying malicious code into a system.
Consider this scenario:
- A developer copies a piece of code from a blog or some other third-party source to their clipboard
- The developer pastes the code snippet into a Jira issue, behind a firewall
- The code snippet from Jira is included in a source file for an application the company is developing
In this short example, hidden characters could be included in the source even though Jira is behind a firewall. The fix changes the way Jira renders these characters so that they become visible.
Does this help answer your question?
Thanks,
Daniel | Atlassian Community
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.