CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka...

Basic Information

CVE State: PUBLISHED
Reserved Date: March 29, 2010
Published Date: April 20, 2010
Last Updated: August 07, 2024
Vendor: Atlassian
Product: JIRA
Description: Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

CVSS Scores

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploit Status

Exploited in the Wild: Yes (2010-04-20 15:00:00 UTC) Source

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/57828 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16 http://jira.atlassian.com/browse/JRA-20995 http://www.openwall.com/lists/oss-security/2010/04/16/3 http://www.openwall.com/lists/oss-security/2010/04/16/4 http://secunia.com/advisories/39353 http://www.securityfocus.com/bid/39485 http://jira.atlassian.com/browse/JRA-21004

Known Exploited Vulnerability Information

Source	Added Date
CVE	2010-04-20 15:00:00 UTC

Timeline

CVE ID Reserved

March 29, 2010
CVE Published to Public

April 20, 2010
Added to KEVIntel

April 20, 2010