Clarification of term "web interface" and actions.

This question is in reference to Atlassian Documentation: JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21

  1. In regards to the method of attack - it states that an attacker only needs access to the JIRA web interface. Can you further qualify? Would this include the external login page or would need to be an authenticated user? 
  2. Has there been any evidence of exploitation for Cloud customer instances and what kind of actions are being taken to determine if this vulnerability has been exploited during the period of exposure between versions: 6.4.8 <= version < 7.0.11?



1 answer

1 accepted

Accepted Answer
0 votes
  1. The userinterface is all of it, don't think it matters if they are authenticated or not. You would have to raise a request with support to get details, if you are not lucky enough to run into the person that discovered the bug here in the user forum.
  2. Atlassian isn't very open with this, and seeing how poor the audit logs are, i doubt they were looking for it. If they did look into it, and did find anything i doubt they would mention it. Once more, if you have security concerns for your own instance, they might be able to look into it. I assume they front-end their cloud stack with a rewrite proxy, so they might actually have logs they can look into if you suspect you were a victim. Once more, User forums, and we don't have many more answers than you.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Friday in Europe

Venue Needed! 23rd October

Hey Everyone! Unfortunately, the venue that was hosting us on the 23rd has pulled out so we're looking for a new venue.    If anyone would have a room free that we could use on the ev...

35 views 1 0
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you