CVE-2017-18101
MEDIUMAtlassian JIRA <7.6.5, 7.7.0-7.7.3, 7.8.0-7.8.3 - Unauthenticated Import Execution
Title source: llmDescription
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
References (2)
Core 2
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103730
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/JRASERVER-67107
Scores
CVSS v3
6.5
EPSS
0.0038
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-284
CWE-862
Status
published
Products (2)
atlassian/jira
< 7.6.5
atlassian/jira_server
7.7.0 - 7.7.3
Published
Apr 10, 2018
Tracked Since
Feb 18, 2026