CVE-2016-4319 Atlassian JIRA Server auditing/settings Cross Site Request Forgery Vulnerability

Vulnerability category: CGI

Vulnerability severity:

Vulnerability information

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

Atlassian JIRA Server is prone to a cross-site request forgery vulnerability in auditing/settings because it fails to properly validate HTTP requests.

Affected Software:
Atlassian JIRA Server versions prior to 7.1.9

QID Detection Logic:
This unauthenticated QID identifies vulnerable JIRA installations by visiting the secure/Dashboard.jspa page and checking the version it reports.
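The following is an added example of the kind of version check the detection logic describes; it is not Qualys's QID code or Atlassian's. It assumes (as a convention of JIRA's HTML, not something the advisory states) that the dashboard page exposes the product version in a meta tag or in the footer string, and compares the parsed version against the 7.1.9 fix version from this advisory. The sample HTML is constructed for the example.

```python
import re

# Version that fixes CVE-2016-4319, as stated in the advisory.
FIXED_VERSION = (7, 1, 9)

# Assumption: JIRA pages carry the product version in an "ajs-version-number"
# meta tag and in a footer string such as "(v7.1.8#71008-sha1:...)".
# Neither pattern comes from the advisory; both are assumptions of this example.
_VERSION_PATTERNS = [
    re.compile(r'<meta\s+name="ajs-version-number"\s+content="([0-9]+(?:\.[0-9]+)*)"', re.I),
    re.compile(r'\(v([0-9]+(?:\.[0-9]+)*)[#)]'),
]


def parse_version(text):
    """Turn a dotted version string like '7.1.8' into a tuple of ints."""
    if not re.fullmatch(r'[0-9]+(?:\.[0-9]+)*', text):
        return None
    return tuple(int(part) for part in text.split('.'))


def extract_version(html):
    """Return the first JIRA version found in the page, or None if none is present."""
    for pattern in _VERSION_PATTERNS:
        match = pattern.search(html)
        if match:
            return parse_version(match.group(1))
    return None


def is_vulnerable(version):
    """True when the version is strictly below the 7.1.9 fix release.

    Short versions such as (7, 1) are padded with zeros so that 7.1 compares
    as 7.1.0, which is below the fixed release.
    """
    padded = version + (0,) * (3 - len(version)) if len(version) < 3 else version
    return padded < FIXED_VERSION


def assess(html):
    """Classify a fetched dashboard page: 'version' parsed, 'vulnerable' True/False,
    or None for 'vulnerable' when no version string could be found."""
    version = extract_version(html)
    if version is None:
        return {"version": None, "vulnerable": None}
    return {"version": version, "vulnerable": is_vulnerable(version)}


# Constructed sample of what a secure/Dashboard.jspa response might contain.
SAMPLE_DASHBOARD_HTML = """<html><head>
<meta name="ajs-version-number" content="7.1.8">
<title>System Dashboard - JIRA</title></head>
<body><div id="footer">Atlassian JIRA Project Management Software (v7.1.8#71008-sha1:deadbee)</div>
</body></html>"""


if __name__ == "__main__":
    # In practice the HTML would come from an HTTP GET of secure/Dashboard.jspa.
    result = assess(SAMPLE_DASHBOARD_HTML)
    print("version:", ".".join(map(str, result["version"])) if result["version"] else "unknown")
    print("below fixed release 7.1.9:", result["vulnerable"])
```

A result with `vulnerable` set to `None` means the page did not reveal a version; treat that as "unknown" rather than "patched" and confirm the release through the JIRA administration UI.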

Impact

Successful exploitation allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Solution

Customers are advised to upgrade to Atlassian JIRA 7.1.9 or later to remediate this vulnerability.

Patch:
The following links provide patches that fix this vulnerability:

Atlassian JIRA 7.1.9
