Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center

Irnik Iv
Irnik Iv
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 23, 2019

The issue:

https://jira.atlassian.com/browse/JSDSERVER-6517

 

My current product version:

JIRA v7.8.0

JIRA Agile v7.8.0-DAILY20180212023044

I don't have installed Jira Service Desk Server and Jira Service Desk Data Center.

 

Should I worry about this vulnerability issue? Is it affecting my products?

Answer
Watch
Like Be the first to like this
2381 views

2 answers

2 accepted

1 vote
Answer accepted
Alexis Robert
Alexis Robert
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 23, 2019

Hi @Irnik Iv , 

 

you are not affected by this security issue, but since your instance version is 7.8.0 you're still vulnerable to many securiy issues : https://confluence.atlassian.com/jira/security-advisories-112853939.html

You should upgrade as soon as possible to Jira 7.13.8.

 

Let me know if this helps, 

 

--Alexis 

View More Comments
Boris MBOUMEHANG
Boris MBOUMEHANG
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 23, 2019

Well seen Alexis! ;) 

Like Alexis Robert likes this
Reply
0 votes
Answer accepted
Boris MBOUMEHANG
Boris MBOUMEHANG
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 23, 2019

Hi, 

First of all, welcome to that Atlassian Community. It is good to have you here. 

As mentionned in the CVE details, this vulnerability only affects Jira Service Desk (Server and Data Center), even if users who set the "Browse Project" permission for their Jira Software or Jira Core projects to "Group - Anyone". 
So, you do not have to worry. 

But, if you still have doubts, you can ask the Atlassian support for confirmation.

I hope this will help. 

Thanks
Boris

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events