Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.902047 |
Kategorie: | Web application abuses |
Titel: | Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities |
Zusammenfassung: | Atlassian JIRA is prone to privilege escalation and multiple cross; site scripting vulnerabilities. |
Beschreibung: | Summary: Atlassian JIRA is prone to privilege escalation and multiple cross site scripting vulnerabilities. Vulnerability Insight: The flaws are caused because input passed to the - 'element' or 'defaultColor' parameters to the 'Colour Picker' page, - 'formName' and 'element' parameters and the 'full user name' field to the 'User Picker' and 'Group Picker' page, - 'announcement_preview_banner_st' parameter to the 'Announcement Banner Preview' page, - 'portletKey' parameter to 'runportleterror.jsp', URL to 'issuelinksmall.jsp', - 'afterURL' parameter to 'screenshot-redirecter.jsp', - 'Referrer' HTTP request header to '500page.jsp' - 'groupnames.jsp', 'indexbrowser.jsp', 'classpath-debug.jsp', 'viewdocument.jsp', and 'cleancommentspam.jsp' are not properly sanitised before being returned to the user. It allows administrative users to change certain path settings, which can be exploited to gain operating system account privileges to the server infrastructure. Vulnerability Impact: Successful exploitation will let attackers to execute arbitrary script or gain higher privileges. Affected Software/OS: Atlassian JIRA version 3.12 through 4.1 Solution: Upgrade to the Atlassian JIRA version 4.1.1 or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Querverweis: |
BugTraq ID: 39485 Common Vulnerability Exposure (CVE) ID: CVE-2010-1164 http://www.securityfocus.com/bid/39485 http://www.openwall.com/lists/oss-security/2010/04/16/3 http://www.openwall.com/lists/oss-security/2010/04/16/4 http://secunia.com/advisories/39353 XForce ISS Database: jira-element-xss(57827) https://exchange.xforce.ibmcloud.com/vulnerabilities/57827 XForce ISS Database: jira-groupnames-xss(57826) https://exchange.xforce.ibmcloud.com/vulnerabilities/57826 Common Vulnerability Exposure (CVE) ID: CVE-2010-1165 XForce ISS Database: jira-pathsettings-priv-escalation(57828) https://exchange.xforce.ibmcloud.com/vulnerabilities/57828 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |