CVE-2017-18101 Information
Feb 14, 2021
cve
Description
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5 from version 7.7.0 before version 7.7.3 from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/103730 https://jira.atlassian.com/browse/JRASERVER-67107
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.5
Share on: