The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
References
Link | Resource |
---|---|
http://codewhitesec.blogspot.com/2017/04/amf.html | Technical Description |
http://www.securityfocus.com/bid/97379 | Third Party Advisory VDB Entry |
https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html | Vendor Advisory |
https://jira.atlassian.com/browse/JRASERVER-64077 | Vendor Advisory |
https://www.kb.cert.org/vuls/id/307983 | Third Party Advisory US Government Resource VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-04-10 15:59
Updated : 2024-02-28 15:44
NVD link : CVE-2017-5983
Mitre link : CVE-2017-5983
CVE.ORG link : CVE-2017-5983
JSON object : View
Products Affected
atlassian
- jira
CWE
CWE-502
Deserialization of Untrusted Data