Issue 1 (FS-312)

Under some circumstances a user with access rights limited according to the field security scheme may be able to access a hidden field value.

This issue affects security features provided by Fields Security Plugin only and does not affect any core Jira features.

This vulnerability is rated as Critical according to Atlassian's Severity Levels for Security Issues.

This issue affects all JFS versions for JIRA 8.0-8.8 starting from JFS 1.4.49_80 and up and is fixed in JFS 1.4.59 for JIRA 8.0-8.9.

How to fix

JIRA 8.0 and later

Upgrade to JFS 1.4.59. There is no need to re-apply the JFS patch.

  1. Ensure support & maintenance is active for your license.
  2. Navigate to Downloads page
  3. Download JFS 1.4.59 addon JAR file according to your JIRA version
  4. Upgrade the addon using JIRA Universal Plugin Manager ("Manage Add-ons")
  5. Restart your JIRA instance immediately (Note: this is mandatory!)
  6. There is no need to re-apply the JFS patch

Please contact support@quisapps.com in case of any questions.