QwikSec

Security Database

CVE

CWE

Training

CVE-2010-1165

Published: Apr 20, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

jira-pathsettings-priv-escalation(57828)

vdb-entry

x_refsource_XF

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16

x_refsource_CONFIRM

http://jira.atlassian.com/browse/JRA-20995

x_refsource_CONFIRM

[oss-security] 20100416 CVE Request: JIRA Issues

mailing-list

x_refsource_MLIST

[oss-security] 20100416 Re: CVE Request: JIRA Issues

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

http://jira.atlassian.com/browse/JRA-21004

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.