||Affected Versions||
|4.2.4 <= version < 6.3.0|
An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer was used in JIRA.
For additional details see the [full advisory|https://confluence.atlassian.com/x/vzBoN].
CPE | Name | Operator | Version |
---|---|---|---|
jira (including jira core) | le | 4.2.4 | |
jira (including jira core) | lt | 6.3 | |
jira (including jira core) | le | 6.2.7 |