QID 730327
Date Published: 2022-01-12
QID 730327: Atlassian Jira Server Multiple Security Vulnerabilities (JRASERVER-73171, JRASERVER-73071, JRASERVER-73070)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
Affected version:
Atlassian Jira Server and Data Center versions below 8.21.0
QID Detection Logic: (Unauthenticated)
It checks for a vulnerable version of Atlassian Jira.
Successful exploitation of these vulnerabilities may allow a remote attacker to impact the application's confidentiality, integrity and availability via request smuggling, denial of service, and broken authentication vulnerabilities.
Solution
Customers are advised to refer to JRASERVER-73171, JRASERVER-73071, and JRASERVER-73070 for updates pertaining to these vulnerabilities.
Workaround:
You can manually upgrade the Apache Tomcat version used by Jira following the procedures outlined in the following article: How to Upgrade Apache Tomcat version in Jira
Vendor References
- JRASERVER-73070 - jira.atlassian.com/browse/JRASERVER-73070
- JRASERVER-73071 - jira.atlassian.com/browse/JRASERVER-73071
- JRASERVER-73171 - jira.atlassian.com/browse/JRASERVER-73171
CVEs related to QID 730327
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| JRASERVER-73070 | | | |
| JRASERVER-73071 | | | |
| JRASERVER-73171 | | | |