CVE-2010-1165
EXPLOITED IN THE WILD
Atlassian JIRA 3.12-4.1 - Authenticated Remote Code Execution via Path Modification
Title source: llm
Exploitation Summary
CVE-2010-1165 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57828
Patch, Vendor Advisory x_refsource_confirm
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
Vendor Advisory x_refsource_confirm
http://jira.atlassian.com/browse/JRA-20995
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/04/16/3
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/04/16/4
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39353
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39485
Patch, Vendor Advisory x_refsource_confirm
http://jira.atlassian.com/browse/JRA-21004
Scores
EPSS: 0.0485
EPSS Percentile: 89.7%
Details
VulnCheck KEV: 2010-04-20
InTheWild.io: 2017-08-17
CWE: CWE-94
Status: published
Products (14)
atlassian/jira 3.12
atlassian/jira 3.12.1
atlassian/jira 3.12.2
atlassian/jira 3.12.3
atlassian/jira 3.13
atlassian/jira 3.13.1
atlassian/jira 3.13.2
atlassian/jira 3.13.3
atlassian/jira 3.13.4
atlassian/jira 3.13.5
... and 4 more
Published: Apr 20, 2010
Tracked Since: Feb 18, 2026