Atlassian JIRA < 6.1.4 Privilege Escalation

Severity: Medium | Nessus Plugin ID 73274

Synopsis

The remote web server hosts a web application that is potentially affected by a privilege escalation vulnerability.

Description

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 6.1.4. It is, therefore, potentially affected by a privilege escalation vulnerability that allows a remote, unauthenticated attacker to perform actions on behalf of any authorized user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to JIRA 6.1.4 or later.

See Also

http://www.nessus.org/u?7c962b4a

https://jira.atlassian.com/browse/JRA-35797

Plugin Details

Severity: Medium

ID: 73274

File Name: jira_6_1_4.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 3/31/2014

Updated: 6/5/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:atlassian:jira

Required KB Items: Settings/ParanoidReport, installed_sw/Atlassian JIRA

Excluded KB Items: Settings/disable_cgi_scanning

Patch Publication Date: 2/26/2014

Vulnerability Publication Date: 2/26/2014