CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 29, 2010
Published Date
April 20, 2010
Last Updated
August 07, 2024
Vendor
Atlassian
Product
JIRA
Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

CVSS Scores

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploit Status

Exploited in the Wild
Yes (2010-04-20 15:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2010-04-20 15:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel