Hillstone Networks

RULE（RULE ID：321998）

Rule General Information


Release Date:		2019-06-26

Rule Name:		Atlassian Jira Issue Collector Directory Traversal Vulnerability (CVE-2014-2314)

Severity:

CVE ID:

Rule Protection Details


Description:		Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Impact:		An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.

Affected OS:		Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others

Reference:		ExploitDB:32725 http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26