Monday, September 16, 2019

Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira


Ben Taylor of Cisco ASIG discovered these vulnerabilities.

Atlassian’s Jira software contains multiple vulnerabilities that could allow an attacker to carry out a variety of actions, including the disclosure of sensitive information and the remote execution of JavaScript code. Jira is a piece of software that allows users to create, manage and organize tasks and manage projects. These bugs could create a variety of scenarios, including the ability to execute code inside of Jira and the disclosure of information inside of tasks created in Jira, including attached documents.

In accordance with our coordinated disclosure policy, Cisco Talos worked with Atlassian to ensure that these issues are resolved and that an update is available for affected customers.

Vulnerability details

Atlassian Jira WikiRenderer parser XSS vulnerability (TALOS-2019-0833/CVE-2019-8444)

An exploitable XSS vulnerability exists in the WikiRenderer functionality of Atlassian Jira, from version 7.6.4 to 8.1.0. A specially crafted comment can cause a persistent XSS. An attacker can create a comment or worklog entry to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira CSRF login vulnerability (TALOS-2019-0834)

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn't require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira CSRF login vulnerability (TALOS-2019-0835/CVE-2019-14998)

An exploitable CSRF vulnerability exists in Atlassian Jira 7.6.4. An attacker who controls a subdomain different than the Jira hosting subdomain can inject cookies and control the CSRF header token. An attacker can create a cookie and submit CSRF attacks on behalf of a logged-in user to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.
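The following added example (not code from Talos or Atlassian, and not Jira's implementation) models a generic cookie-to-header CSRF check to show why a token that is only compared against a cookie fails once another subdomain can write that cookie, and how binding the token to the session closes the gap. All function names, the key and the session values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real server loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def _eq(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def naive_double_submit_ok(cookie_token: str, header_token: str) -> bool:
    """Weak check: any header value that equals the cookie value passes.

    Nothing ties the value to the server or to the user's session, so a
    cookie written for the parent domain by a sibling subdomain satisfies it.
    """
    return bool(cookie_token) and _eq(cookie_token, header_token)


def issue_bound_token(session_id: str) -> str:
    """Hardened form: nonce plus an HMAC over (session id, nonce)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def bound_token_ok(session_id: str, cookie_token: str, header_token: str) -> bool:
    """Pass only if cookie == header and the MAC verifies for this session."""
    if not cookie_token or not _eq(cookie_token, header_token):
        return False
    nonce, sep, mac = cookie_token.partition(".")
    return bool(sep) and _eq(mac, _mac(session_id, nonce))


def demo() -> dict:
    victim, attacker = "victim-session", "attacker-session"  # constructed ids
    injected = "attacker-chosen-value"  # constructed: planted cookie value
    own = issue_bound_token(attacker)   # valid, but for the attacker's session
    good = issue_bound_token(victim)
    return {
        "naive_injected": naive_double_submit_ok(injected, injected),
        "bound_injected": bound_token_ok(victim, injected, injected),
        "bound_other_session": bound_token_ok(victim, own, own),
        "bound_legit": bound_token_ok(victim, good, good),
    }
```

Independently of the token format, naming the cookie with the `__Host-` prefix prevents other subdomains from setting it, because browsers reject such cookies when they carry a `Domain` attribute.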

Atlassian Jira Issue key information disclosure vulnerability (TALOS-2019-0836/CVE-2019-14995)

An issue key information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid issue keys and invalid issue keys via the `/rest/api/1.0/render` API endpoint.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira issue attachment name information disclosure vulnerability (TALOS-2019-0837/CVE-2019-14995)

An issue attachment name information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid attachment names and invalid attachment names for any given issue via the `/rest/api/1.0/render` API endpoint.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira Tempo plugin issue summary information disclosure vulnerability (TALOS-2019-0838/CVE-2019-5095)

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira issueTable username information disclosure vulnerability (TALOS-2019-0839/CVE-2019-8446)

A username information disclosure vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Anonymous users can differentiate between valid usernames and invalid usernames via the `/rest/issueNav/1/issueTable` API endpoint.

Read the complete vulnerability advisory here for additional information.

Atlassian Jira worklog information disclosure vulnerability (TALOS-2019-0840/CVE-2019-8445)

A worklog information disclosure vulnerability exists in Atlassian Jira, versions 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the `/rest/api/2/worklog/list` API endpoint. They can also obtain a list of worklog IDs via `/rest/api/2/worklog/updated`.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that versions 7.6.4 through 8.1.0 of Atlassian Jira are affected by these vulnerabilities.

Coverage

The following SNORT® rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 50110, 50111, 50114
