QID 730327

Date Published: 2022-01-12

QID 730327: Atlassian Jira Server Multiple Security Vulnerabilities (JRASERVER-73171, JRASERVER-73071, JRASERVER-73070)

Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.

Affected version:
Atlassian Jira Server and Data Center version below 8.21.0

QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.

Successful exploitation of these vulnerabilities may allow remote attacker to impact the application's confidentiality, integrity and availability via Request Smuggling, Denial of service, Broken Authentication Vulnerability.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 5 severity.
  • Solution
    Customers are advised to refer to JRASERVER-73171, JRASERVER-73071, JRASERVER-73070 for updates pertaining to this vulnerability.
    Workaround:
    You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article: How to Upgrade Apache Tomcat version in Jira

    CVEs related to QID 730327

    Software Advisories
    Advisory ID Software Component Link
    JRASERVER-73070 URL Logo jira.atlassian.com/browse/JRASERVER-73070
    JRASERVER-73071 URL Logo jira.atlassian.com/browse/JRASERVER-73071
    JRASERVER-73171 URL Logo jira.atlassian.com/browse/JRASERVER-73171