Jira Security Issues Cross-Site-Scripting (XSS)

  • Sven
Posted: Mon, 04/14/2014 - 10:48

Hello,

we have 2 Security Issues on our Jira-Server found by our security team after plugin installation.
We have to fix it or have to shut down the instance. Hence it is very urgent.

We use Jira 6.1.7 and jfs-1.4.21_61.jar with Patch jfs-patch-1.2.5-6.1.7-patch.zip

1. Vulnerability: CGI Generic Cross-Site Scripting
2. Vulnerability: CGI Generic Cookie Injection Scripting

Info from security team.

See Attachment (Dropbox) for detailed findings.

THX for help,

Regards,
Sven Hock

Fixed in 1.4.22

  • admin
  • 02/16/10
  • Tue, 04/15/2014 - 11:19

Hello Sven,

Thanks a lot for the report! We've just released v1.4.22 for JIRA 6.0-6.2 which fixes the vulnerabilities.
Available at downloads page http://quisapps.com/download

Alex