Vulnerability Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | 3.12 |
Related Weaknesses (CWE)
References
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16PatchVendor Advisory
- http://jira.atlassian.com/browse/JRA-20995Vendor Advisory
- http://jira.atlassian.com/browse/JRA-21004PatchVendor Advisory
- http://secunia.com/advisories/39353Vendor Advisory
- http://www.openwall.com/lists/oss-security/2010/04/16/3
- http://www.openwall.com/lists/oss-security/2010/04/16/4
- http://www.securityfocus.com/bid/39485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16PatchVendor Advisory
- http://jira.atlassian.com/browse/JRA-20995Vendor Advisory
- http://jira.atlassian.com/browse/JRA-21004PatchVendor Advisory
- http://secunia.com/advisories/39353Vendor Advisory
- http://www.openwall.com/lists/oss-security/2010/04/16/3
- http://www.openwall.com/lists/oss-security/2010/04/16/4
- http://www.securityfocus.com/bid/39485
FAQ
What is CVE-2010-1165?
CVE-2010-1165 is a vulnerability with a CVSS score of 9.0 (HIGH). Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and...
How severe is CVE-2010-1165?
CVE-2010-1165 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1165?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira.