Vulnerability Description
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 3.13.2 |
Related Weaknesses (CWE)
References
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09PatchVendor Advisory
- http://secunia.com/advisories/33084Vendor Advisory
- http://www.osvdb.org/52707Broken Link
- http://www.securityfocus.com/bid/32746Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47211VDB Entry
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09PatchVendor Advisory
- http://secunia.com/advisories/33084Vendor Advisory
- http://www.osvdb.org/52707Broken Link
- http://www.securityfocus.com/bid/32746Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47211VDB Entry
FAQ
What is CVE-2008-6531?
CVE-2008-6531 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method call...
How severe is CVE-2008-6531?
CVE-2008-6531 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6531?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira.