Clarification of term "web interface" and actions.

This question is in reference to Atlassian Documentation: JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21

  1. In regard to the method of attack - it states that an attacker only needs access to the JIRA web interface. Can you further qualify? Would this include the external login page, or would it need to be an authenticated user?
  2. Has there been any evidence of exploitation for Cloud customer instances and what kind of actions are being taken to determine if this vulnerability has been exploited during the period of exposure between versions: 6.4.8 <= version < 7.0.11?



1 answer

1 accepted

0 votes
Accepted answer
  1. The user interface is all of it, don't think it matters if they are authenticated or not. You would have to raise a request with support to get details, if you are not lucky enough to run into the person that discovered the bug here in the user forum.
  2. Atlassian isn't very open with this, and seeing how poor the audit logs are, I doubt they were looking for it. If they did look into it, and did find anything, I doubt they would mention it. Once more, if you have security concerns for your own instance, they might be able to look into it. I assume they front-end their cloud stack with a rewrite proxy, so they might actually have logs they can look into if you suspect you were a victim. Once more, User forums, and we don't have many more answers than you.
