[XPORTER-3735] Remote Code Execution - Export and Import Settings - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Release 5.2.0
Fix Version/s: 6.7.2
Component/s: Security
Labels:
- security_vulnerability_critical

Sprint:
JIRAXPORTER 2021 Sprint 5, JIRAXPORTER 2021 Sprint 6
Requirement Status:
OK
- 1

Description

Xporter for Jira Server is vulnerable to remote code execution on Export and Import Settings feature. A normal administrator can upload an arbitrary file to the server by importing settings from a malicious .zip file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

rce_import_settings (1).mp4
11.91 MB
05/May/21 5:45 PM

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Paulo Alves

Reporter:: Paulo Alves

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 20/Apr/21 10:08 AM

Updated:: 16/Apr/24 2:15 PM

Resolved:: 02/Jun/21 10:30 AM

Time Tracking

Estimated:

Remaining:

Logged:

4d 4h 30m