Cisco reports, multiple vulnerabilities found in Jira

Atlassian’s Jira is the latest widely used tool to attract security scrutiny, with Cisco now reporting a batch of vulnerabilities in it. The report arrived two days before a separate set of critical vulnerabilities disclosed by Atlassian itself on 18th September 2019.

On Monday 16th September, Cisco revealed multiple vulnerabilities in Atlassian’s Jira software which could allow for the disclosure of sensitive information, as well as the remote execution of JavaScript code.

The bugs open up a range of scenarios, including the execution of attacker-supplied script inside Jira and the disclosure of information held in Jira issues, including attachment names.

Vulnerability details

As always we’d like to share the details with you, courtesy of Cisco.

Atlassian Jira WikiRenderer parser XSS vulnerability (TALOS-2019-0833/CVE-2019-8444)

An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability.

Atlassian Jira CSRF login vulnerability (TALOS-2019-0834)

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

Atlassian Jira CSRF login vulnerability (TALOS-2019-0835/CVE-2019-14998)

An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker who controls a subdomain other than the one hosting Jira can inject cookies and thereby control the CSRF token, which Jira checks against a cookie. An attacker can create such a cookie and submit CSRF attacks on behalf of a logged-in user to trigger this vulnerability.
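The weakness described above is a general one: a "double-submit" CSRF defence that compares a form token with a token cookie is only as strong as the origin’s control over that cookie, and any host on a sibling subdomain can set a cookie for the shared parent domain. The following added example (ours, not Cisco’s or Atlassian’s code; the cookie and form field name `atl_token`, the server key and the session ids are assumptions) shows the naive check accepting an attacker-chosen token, and a hardened check that derives the token from the server-side session instead of trusting any cookie.

```python
import hmac
import hashlib
import secrets

# Hypothetical server-side key; a real deployment keeps this out of source control.
SERVER_KEY = secrets.token_bytes(32)


def naive_csrf_ok(cookies: dict, form: dict) -> bool:
    """Double-submit check: accept when the form token equals the token cookie.

    Anyone who can set a cookie for the parent domain (e.g. from a sibling
    subdomain) can plant a cookie of their choosing and satisfy this check.
    """
    cookie_tok = cookies.get("atl_token")   # assumed cookie name
    form_tok = form.get("atl_token")        # assumed form field name
    if not cookie_tok or not form_tok:
        return False
    return hmac.compare_digest(cookie_tok, form_tok)


def issue_token(session_id: str) -> str:
    """Derive the anti-CSRF token from the authenticated session id with a server key.

    The token is bound to the session the server already knows; cookies the
    browser happens to send play no part in verification.
    """
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def bound_csrf_ok(session_id: str, form: dict) -> bool:
    """Hardened check: recompute the expected token from the session and compare."""
    form_tok = form.get("atl_token", "")
    return hmac.compare_digest(issue_token(session_id), form_tok)


# Constructed scenario: the server resolves the victim's session cookie to this id.
VICTIM_SESSION = "sess-victim-1234"


def scenario() -> dict:
    # Legitimate request: the form token was issued for the victim's session.
    legit_tok = issue_token(VICTIM_SESSION)
    legit_cookies = {"atl_token": legit_tok}
    legit_form = {"atl_token": legit_tok}

    # Forged request: a page on a sibling subdomain set atl_token for the parent
    # domain to a value it chose, then auto-submitted a form carrying the same value.
    forged_tok = "attacker-chosen-value"
    forged_cookies = {"atl_token": forged_tok}
    forged_form = {"atl_token": forged_tok}

    return {
        "naive_accepts_legit": naive_csrf_ok(legit_cookies, legit_form),
        "naive_accepts_forged": naive_csrf_ok(forged_cookies, forged_form),
        "bound_accepts_legit": bound_csrf_ok(VICTIM_SESSION, legit_form),
        "bound_accepts_forged": bound_csrf_ok(VICTIM_SESSION, forged_form),
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {accepted}")
```

The naive check passes the forged request because both halves of the comparison were supplied by the attacker. The bound check rejects it because the attacker cannot compute an HMAC over the victim’s session id without the server key, and setting cookies does not help.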

Atlassian Jira issue key information disclosure vulnerability (TALOS-2019-0836/CVE-2019-14995)

An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the `/rest/api/1.0/render` API endpoint.

Atlassian Jira issue attachment name information disclosure vulnerability (TALOS-2019-0837/CVE-2019-14995)

An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via `/rest/api/1.0/render` API endpoint.

Atlassian Jira Tempo plugin issue summary information disclosure vulnerability (TALOS-2019-0838/CVE-2019-5095)

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.

Atlassian Jira issueTable username information disclosure vulnerability (TALOS-2019-0839)

A username information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid usernames and invalid usernames via `/rest/issueNav/1/issueTable` API endpoint.

Atlassian Jira worklog information disclosure vulnerability (TALOS-2019-0840)

A worklog information disclosure vulnerability exists in Atlassian Jira, versions 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the `/rest/api/2/worklog/list` API endpoint. They can also obtain a list of worklog IDs via `/rest/api/2/worklog/updated`.

Versions tested

Talos tested and confirmed that versions 7.6.4 through 8.1.0 of Atlassian Jira are affected by these vulnerabilities. Note that 8.1.0 is the highest version Talos tested, not necessarily the last affected release; check Atlassian’s own advisory for the versions that carry the fixes.
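The first thing an administrator will want to know is whether their own instance falls in the tested range. Jira exposes its version through the `/rest/api/2/serverInfo` REST endpoint (for example `curl -s https://jira.example.test/rest/api/2/serverInfo`). The added example below (ours, not code from Cisco, Atlassian or the original post) parses that JSON and compares the reported version against the 7.6.4 to 8.1.0 range; the sample response is constructed and the hostname is an assumption.

```python
import json

# Range Talos confirmed as affected (inclusive at both ends).
AFFECTED_MIN = (7, 6, 4)
AFFECTED_MAX = (8, 1, 0)


def parse_version(version: str) -> tuple:
    """Turn '8.0.2', '7.6.4-OD' or '8.1' into a comparable 3-tuple of ints.

    Non-numeric suffixes are dropped and missing components default to 0.
    """
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_in_tested_range(version: str) -> bool:
    """True when the version lies within the range Talos confirmed as affected."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def check_server_info(raw_json: str) -> dict:
    """Read a serverInfo response and report whether it falls in the tested range.

    Prefers the numeric 'versionNumbers' array when present and falls back to
    the 'version' string otherwise.
    """
    info = json.loads(raw_json)
    nums = info.get("versionNumbers")
    if nums:
        version = ".".join(str(n) for n in nums)
    else:
        version = info["version"]
    return {
        "base_url": info.get("baseUrl"),
        "version": version,
        "in_tested_range": is_in_tested_range(version),
    }


# Constructed sample of a serverInfo response; field names follow Jira's endpoint,
# the values are made up for this example.
SAMPLE_SERVER_INFO = json.dumps({
    "baseUrl": "https://jira.example.test",
    "version": "8.0.2",
    "versionNumbers": [8, 0, 2],
    "deploymentType": "Server",
    "buildNumber": 800010,
    "serverTitle": "Example Jira",
})


if __name__ == "__main__":
    report = check_server_info(SAMPLE_SERVER_INFO)
    print(f"{report['base_url']} runs Jira {report['version']}: "
          f"{'within' if report['in_tested_range'] else 'outside'} the tested range")
```

A result outside the range is not a clean bill of health on its own, since the tested range is what Talos exercised rather than a complete list of affected builds; treat it as the first check before consulting Atlassian’s advisory for the fixed versions.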

Help is on hand

In accordance with their coordinated disclosure policy, Cisco Talos are working with Atlassian to ensure such issues are resolved and that an update is available for customers affected by the bugs.

If you’re a customer of ClearHost, our trusted cloud solution, we will have already mitigated the threat, so there’s no need to worry.

We can’t stress enough the importance of keeping your mission-critical tools secure. It may not have been your tools affected this time, but it could be next time, and incidents like these are never planned for.

If you’re not protected get in touch with us to ensure your tools are taken care of by Atlassian experts who understand the importance of protecting your assets.
