CVE-2010-1165
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 29, 2010
- Published Date
- April 20, 2010
- Last Updated
- August 07, 2024
- Vendor
- Atlassian
- Product
- JIRA
- Description
- Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
CVSS Scores
CVSS v2.0
9.0
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Exploit Status
- Exploited in the Wild
- Yes (2010-04-20 15:00:00 UTC) Source
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
http://jira.atlassian.com/browse/JRA-20995
http://www.openwall.com/lists/oss-security/2010/04/16/3
http://www.openwall.com/lists/oss-security/2010/04/16/4
http://secunia.com/advisories/39353
http://www.securityfocus.com/bid/39485
http://jira.atlassian.com/browse/JRA-21004
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2010-04-20 15:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel