HomePentest-Tools.com Logo

Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities CVE-2010-1164CVE-2010-1165

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Atlassian JIRA is prone to privilege escalation and multiple cross site scripting vulnerabilities.

Risk description

The flaws are caused because input passed to the - element or defaultColor parameters to the Colour Picker page, - formName and element parameters and the full user name field to the User Picker and Group Picker page, - announcement_preview_banner_st parameter to the Announcement Banner Preview page, - portletKey parameter to runportleterror.jsp, URL to issuelinksmall.jsp, - afterURL parameter to screenshot-redirecter.jsp, - Referrer HTTP request header to 500page.jsp - groupnames.jsp, indexbrowser.jsp, classpath-debug.jsp, viewdocument.jsp, and cleancommentspam.jsp are not properly sanitised before being returned to the user. It allows administrative users to change certain path settings, which can be exploited to gain operating system account privileges to the server infrastructure. Successful exploitation will let attackers to execute arbitrary script or gain higher privileges.

Recommendation

Upgrade to the Atlassian JIRA version 4.1.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 20, 2010
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available