Hello,
we have 2 Security Issues on our Jira-Server found by our security team after plugin installation.
We have to fix it or have to shut down the instance. Hence it is very urgent.
We use Jira 6.1.7 and jfs-1.4.21_61.jar with Patch jfs-patch-1.2.5-6.1.7-patch.zip
1. Vulnerability: CGI Generic Cross-Site Scripting
2. Vulnerability: CGI Generic Cookie Injection Scripting
See Attachment (Dropbox) for detailed findings.
THX for help,
Regards,
Sven Hock
Fixed in 1.4.22
Hello Sven,
Thanks a lot for the report! We've just released v1.4.22 for JIRA 6.0-6.2 which fixes the vulnerabilities.
Available at the downloads page: http://quisapps.com/download
Alex