  1. Xporter for Jira
  2. XPORTER-3735

Remote Code Execution - Export and Import Settings


Details

    • JIRAXPORTER 2021 Sprint 5, JIRAXPORTER 2021 Sprint 6
    • OK

    Description

      Xporter for Jira Server is vulnerable to remote code execution in the Export and Import Settings feature. A normal administrator can upload an arbitrary file to the server by importing settings from a malicious .zip file.

       

            People

              prpa Paulo Alves

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated: 0m (Original Estimate - 0 minutes)
                  Remaining: 0m (Remaining Estimate - 0 minutes)
                  Logged: 4d 4h 30m (Time Spent - 4 days, 4 hours, 30 minutes)