- CVEs with nessus.description==According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to version 6.0.4. It is, therefore, potentially affected by an arbitrary file creation vulnerability due to a flaw in the Issue Collector plugin in which the 'filename' POST parameter is not properly sanitized, which allows traversing outside a restricted path. A remote, unauthenticated attacker, using a crafted request, can exploit this vulnerability to create files in arbitrary directories in the JIRA installation.
This vulnerability only affects JIRA installations running on the Windows OS.
Note that the Issue Collector plugin for JIRA is also affected by this vulnerability; however, Nessus did not confirm that this plugin is installed.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |