SB2017121809 - Multiple vulnerabilities in Atlassian JIRA
Published: December 18, 2017 Updated: May 22, 2018
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2017-16863)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists in the PieChart gadget due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Server-side request forgery (CVE-ID: CVE-2017-16865)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the Trello importer due to server-side request forgery when running in an environment like Amazon EC2. A remote attacker can gain access to a metadata resource that provides access credentials and other potentially confidential information.
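A destination check of the kind an importer that fetches user-supplied URLs needs, shown as an added example; it is not Atlassian's code or its fix. The function names, the injectable resolver and the `.example` hosts in the usage are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _system_resolver(host, port):
    """Resolve host to the set of IP strings the OS would connect to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def _is_internal(ip_text):
    """True for anything that is not a globally routable address."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    # is_global is False for link-local (169.254.0.0/16, where the EC2
    # metadata service lives), loopback, RFC 1918 and other reserved ranges.
    return not ip.is_global


def vet_import_url(url, resolver=_system_resolver):
    """Return the vetted public IPs for url; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are accepted")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addresses = resolver(parts.hostname, port)
    if not addresses:
        raise ValueError("host did not resolve")
    # Reject if ANY record is internal: a name with mixed public and
    # internal records must not pass on the strength of the public one.
    blocked = sorted(a for a in addresses if _is_internal(a))
    if blocked:
        raise ValueError("destination resolves to internal address: "
                         + ", ".join(blocked))
    return sorted(addresses)
```

The fetch that follows should connect to one of the returned addresses rather than resolving the name again, and should run every redirect target through the same check.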
3) Cross-site request forgery (CVE-ID: CVE-2017-18033)
The vulnerability allows a remote attacker to write arbitrary files on the target system.
The weakness exists in the Jira-importers-plugin due to cross-site request forgery. A remote attacker can create new projects and abort an executing external system import.
4) Security restrictions bypass (CVE-ID: CVE-2017-18101)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper permission checks. A remote attacker can run import operations and determine whether an internal service exists because of missing permission checks.
5) Cross-site scripting (CVE-ID: CVE-2017-16864)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists in the issue search resource due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
6) Cross-site scripting (CVE-ID: CVE-2017-14594)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists in the printable searchrequest issue resource due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
7) Cross-site scripting (CVE-ID: CVE-2017-18100)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
8) Cross-site scripting (CVE-ID: CVE-2017-18039)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
9) Cross-site request forgery (CVE-ID: CVE-2017-16862)
10) Cross-site scripting (CVE-ID: CVE-2017-18098)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists in the searchrequest-xml resource due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.
References
- https://jira.atlassian.com/browse/JRASERVER-66623
- https://jira.atlassian.com/browse/JRASERVER-66642
- https://jira.atlassian.com/browse/JRASERVER-66643
- https://jira.atlassian.com/browse/JRASERVER-67107
- https://jira.atlassian.com/browse/JRASERVER-66624
- https://jira.atlassian.com/browse/JRASERVER-66495
- https://jira.atlassian.com/browse/JRASERVER-67106
- https://jira.atlassian.com/browse/JRASERVER-66719
- https://jira.atlassian.com/browse/JRASERVER-66622
- https://jira.atlassian.com/browse/JRASERVER-67075