CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.9%
h3. Issue Summary
Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 [0][1][2], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service.
[0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated.
[1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.
[2] The default Ehcache port is 40001 but it can be configured to be on a different port, see [Installing JIRA Data Center|https://confluence.atlassian.com/adminjiraserver/installing-jira-data-center-938846870.html#InstallingJiraDataCenter-parametersCluster.propertiesfileparameters] for more details.
Affected versions:
The versions of Jira Data Center, Jira Core Data Center, and Jira Software Data Center affected by this vulnerability are:
The versions of Jira Service Management Data Center affected by this vulnerability are:
h3. Fixed Versions
To address these issues, we have released Jira Data Center, Jira Core Data Center, and Jira Software Data Center:
Jira Service Management Data Center versions:
These versions can be downloaded at:
h3. Additional details
For additional details, see the full advisory: [https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html]
Vendor | Product | Version | CPE |
---|---|---|---|
atlassian | jira_data_center | * | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
83.9%