CVE-2014-2314

Atlassian JIRA <6.0.4 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/32725

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Philippe Arteau, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/jira_collector_traversal.rb

View Code ZIP pw:eip

References (3)

[Exploit] http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html

[Exploit] http://www.exploit-db.com/exploits/32725

[Vendor Advisory] https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26

Scores

EPSS 0.6575

EPSS Percentile 98.5%

Details

CWE

CWE-22

Status published

Products (4)

atlassian/jira 6.0

atlassian/jira 6.0.1

atlassian/jira 6.0.2

atlassian/jira < 6.0.3

Published Mar 09, 2014

Tracked Since Feb 18, 2026