Detections
Analytics
Atlassian JIRA 4.1.x < 4.1.2 Multiple Vulnerabilities
medium Nessus Plugin ID 47114
Language:
Synopsis
The remote web server hosts a web application that is potentially affected by multiple vulnerabilities.Description
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is 4.1.x prior to 4.1.2. It is, therefore, potentially affected by multiple vulnerabilities :- Multiple cross-site scripting vulnerabilities exit involving the URL query string passed to unspecified scripts.
- In the standalone distribution, cookies are not stored with the 'HttpOnly' option set.
- Users without 'JIRA Users' permission can login via crowd single sign on.
- There is a cross-site request forgery vulnerability involving the 'Logout' action.
- Unspecified vulnerabilities exists related to Bamboo and and FishEye when these plugins are enabled in JIRA.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Atlassian JIRA 4.1.2 or later.See Also
Plugin Details
Severity: Medium
ID: 47114
File Name: jira_4_1_2.nasl
Version: 1.13
Type: remote
Family: CGI abuses
Published: 6/22/2010
Updated: 6/5/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Vulnerability Information
CPE: cpe:/a:atlassian:jira
Required KB Items: Settings/ParanoidReport, installed_sw/Atlassian JIRA
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Patch Publication Date: 6/18/2010
Vulnerability Publication Date: 6/18/2010