Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103730 | Broken Link |
https://jira.atlassian.com/browse/JRASERVER-67107 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2018-04-10T00:00:00
Updated: 2018-04-12T09:57:02
Reserved: 2018-02-01T00:00:00
Link: CVE-2017-18101
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-10T13:29:00.383
Modified: 2022-04-22T20:40:12.933
Link: CVE-2017-18101
JSON object: View
Redhat Information
No data.