Clarification of term "web interface" and actions.

This question is in reference to Atlassian Documentation: JIRA and HipChat for JIRA plugin Security Advisory 2016-09-21

  1. In regard to the method of attack - it states that an attacker only needs access to the JIRA web interface. Can you further qualify? Would this include the external login page, or would the attacker need to be an authenticated user?
  2. Has there been any evidence of exploitation for Cloud customer instances and what kind of actions are being taken to determine if this vulnerability has been exploited during the period of exposure between versions: 6.4.8 <= version < 7.0.11?



1 answer

1 accepted

  1. The user interface is all of it; I don't think it matters if they are authenticated or not. You would have to raise a request with support to get details, if you are not lucky enough to run into the person that discovered the bug here in the user forum.
  2. Atlassian isn't very open with this, and seeing how poor the audit logs are, I doubt they were looking for it. If they did look into it, and did find anything, I doubt they would mention it. Once more, if you have security concerns for your own instance, they might be able to look into it. I assume they front-end their cloud stack with a rewrite proxy, so they might actually have logs they can look into if you suspect you were a victim. Once more, user forums, and we don't have many more answers than you.
