Clarification of term "web interface" and actions.

This question is in reference to Atlassian Documentation: JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21

  1. In regards to the method of attack - it states that an attacker only needs access to the JIRA web interface. Can you further qualify? Would this include the external login page or would it need to be an authenticated user?
  2. Has there been any evidence of exploitation for Cloud customer instances and what kind of actions are being taken to determine if this vulnerability has been exploited during the period of exposure between versions: 6.4.8 <= version < 7.0.11?

Thanks!

 

1 answer

1 accepted

  1. The user interface is all of it, don't think it matters if they are authenticated or not. You would have to raise a request with support to get details, if you are not lucky enough to run into the person that discovered the bug here in the user forum.
  2. Atlassian isn't very open with this, and seeing how poor the audit logs are, I doubt they were looking for it. If they did look into it, and did find anything, I doubt they would mention it. Once more, if you have security concerns for your own instance, they might be able to look into it. I assume they front-end their cloud stack with a rewrite proxy, so they might actually have logs they can look into if you suspect you were a victim. Once more, user forums, and we don't have many more answers than you.
