'Re: [oss-security] CVE Request: JIRA Issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: JIRA Issues
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-04-16 15:01:05
Message-ID: 1046246154.1020891271430065619.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]


----- "Eren Türkay" <eren@pardus.org.tr> wrote:

> Hello,
> 
> As you probably know, Apache.org services were taken down due to the XSS
> and privilege escalation flaws in JIRA. Atlassian patched the issues, and
> released an advisory.
> 
> Bug entires:
> 
> XSS Vulnerability: http://jira.atlassian.com/browse/JRA-20994
> Privilege escalation: http://jira.atlassian.com/browse/JRA-20995
> 
> JIRA Advisory: 
> http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
> 

Here you go:
CVE-2010-1164 JIRA XSS Vulnerability (JRA-20994)
CVE-2010-1165 JIRA Privilege escalation (JRA-20995)

Thanks

-- 
    JB

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic