Detections
Analytics
Atlassian JIRA < 6.0.4 Arbitrary File Creation
medium Nessus Plugin ID 73272
Language:
Synopsis
The remote web server hosts a web application that is potentially affected by an arbitrary file creation vulnerability.Description
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to version 6.0.4. It is, therefore, potentially affected by an arbitrary file creation vulnerability due to a flaw in the Issue Collector plugin in which the 'filename' POST parameter is not properly sanitized, which allows traversing outside a restricted path. A remote, unauthenticated attacker, using a crafted request, can exploit this vulnerability to create files in arbitrary directories in the JIRA installation.This vulnerability only affects JIRA installations running on the Windows OS.
Note that the Issue Collector plugin for JIRA is also affected by this vulnerability; however, Nessus did not did confirm that this plugin is installed.
Solution
Upgrade to JIRA 6.0.4 or later, and upgrade or disable the Issue Collector plugin.See Also
Plugin Details
Severity: Medium
ID: 73272
File Name: jira_6_0_4.nasl
Version: 1.12
Type: remote
Family: CGI abuses
Published: 3/31/2014
Updated: 6/5/2024
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 4.9
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:atlassian:jira
Required KB Items: Settings/ParanoidReport, installed_sw/Atlassian JIRA
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/26/2014
Vulnerability Publication Date: 2/26/2014
Exploitable With
Core Impact
Metasploit (JIRA Issues Collector Directory Traversal)
Reference Information
CVE: CVE-2014-2314
BID: 65849