Cisco reports, multiple vulnerabilities found in Jira
Security issues seem to be trending, with Cisco now reporting vulnerabilities in Atlassian’s Jira software. The news comes prior to a separate case of critical vulnerabilities revealed by Atlassian on 18th September 2019.
- September 19, 2019
Security issues seem to be trending, with Cisco now reporting vulnerabilities in Atlassian’s Jira software. The news comes prior to a separate case of critical vulnerabilities revealed by Atlassian on 18th September 2019.
On Monday 16th September, Cisco revealed multiple vulnerabilities in Atlassian’s Jira Software which could allow for the disclosure of sensitive information, as well as the remote execution of JavaScript code.
A variety of scenarios could occur as a result of the bugs, one of which being the execution of code inside of Jira, and the disclosure of information in tasks created within Jira, including attachments.
Vulnerability details
As always we’d like to share the details with you, courtesy of Cisco.
Atlassian Jira WikiRenderer parser XSS vulnerability (TALOS-2019-0833/CVE-2019-8444)
An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability.
Atlassian Jira CSRF login vulnerability (TALOS-2019-0834)
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
Atlassian Jira CSRF login vulnerability (TALOS-2019-0835/CVE-2019-14998)
An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker controlling a subdomain different that the Jira hosting subdomain enables cookie injection and control of the CSRF header token. An attacker can create a cookie and submit CSRF attacks on behalf of a logged-in user to trigger this vulnerability.
Atlassian Jira Issue key information disclosure vulnerability (TALOS-2019-0836/CVE-2019-14995
An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the `/rest/api/1.0/render` API endpoint.
Atlassian Jira issue attachment name information disclosure vulnerability (TALOS-2019-0837/CVE-2019-14995)
An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via `/rest/api/1.0/render` API endpoint.
Atlassian Jira Tempo plugin issue summary information disclosure vulnerability (TALOS-2019-0838/CVE-2019-5095)
An issue summary information disclosure vulnerability exists in the Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.
Atlassian Jira issueTable username information disclosure vulnerability (TALOS-2019-0839)
A username information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid usernames and invalid usernames via `/rest/issueNav/1/issueTable` API endpoint.
Atlassian Jira worklog information disclosure vulnerability (TALOS-2019-0840)
A worklog information disclosure vulnerability exists in Atlassian Jira, versions 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the `/rest/api/2/worklog/list` API endpoint. They can also obtain a list of worklog ID’s via `/rest/api/2/worklog/updated`.
Versions tested
Talos tested and confirmed that versions 7.6.4 through 8.1.0 of Atlassian Jira are affected by these vulnerabilities.
Help is on hand
In accordance with their coordinated disclosure policy, Cisco Talos is working with Atlassian to ensure such issues are resolved and that an update is available for customers affected by the bugs.
If you’re a customer of ClearHost, our trusted cloud solution, we will have already mitigated the threat, so there’s no need to worry.
We can’t stress enough the importance of keeping your mission-critical tools secure; it may not have been you this time but it could be the next, these things aren’t planned for.
If you’re not protected get in touch with us to ensure your tools are taken care of by Atlassian experts who understand the importance of protecting your assets.
clearvisionwebmaster
Atlasssian expert resources
Visit our blog for expert news and articles from the Atlassian world. On our resources page you will find recorded webinars, white papers, podcasts, videos and more.
The Software Blog
Read our blog for articles offering best practice advice written by Atlassian experts, as well as the latest news concerning your software.
Software White Papers and Guides
Dive deep into Atlassian software with our white papers and guides on individual tools, partner products, services, and best practices, written by the experts.
Expert Webinars
All of our webinars are pre-recorded and available to watch on-demand. Enjoy everything from partner features to application demos and updates from Atlassian experts.
