CVE-2017-18101
Last modified
CVE-2017-18101 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 7.6.5 |
| Atlassian | Jira Server | >= 7.7.0, < 7.7.3 |
| Atlassian | Jira Server | >= 7.8.0, < 7.8.3 |
References
- http://www.securityfocus.com/bid/103730Broken Link
- https://jira.atlassian.com/browse/JRASERVER-67107Vendor Advisory
- http://www.securityfocus.com/bid/103730Broken Link
- https://jira.atlassian.com/browse/JRASERVER-67107Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-18101?
How severe is CVE-2017-18101?
How do I fix CVE-2017-18101?
Are you affected by CVE-2017-18101?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST