CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |

AI Score confidence: High
EPSS percentile: 76.1%
h3. Issue Summary
Apache Tomcat should be upgraded to 8.5.96 or later, or to 9.0.83 or later, to fix [CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589].
The Tomcat versions bundled with Jira can be found in our [Bundled Tomcat and Java versions|https://confluence.atlassian.com/jiracore/bundled-tomcat-and-java-versions-1013854250.html] article.
This is reproducible on Data Center: (/)
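A quick check of whether a bundled Tomcat is below the fixed versions named above. This is an added example, not Atlassian's or Apache's code; it assumes the version string is taken from the {{Server number:}} line printed by Tomcat's {{bin/version.sh}}, and the sample output in it is constructed. Branches other than 8.5 and 9.0 are reported as {{unknown}} because this issue gives no threshold for them.

```shell
#!/bin/sh
# Added example (not from the issue): compare a Tomcat "Server number" with the
# fixed versions named in this issue, 8.5.96 and 9.0.83.

# Read `version.sh` output on stdin and print the "Server number" value.
tomcat_server_number() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Print "fixed", "needs-upgrade" or "unknown" for a version like 9.0.82.0.
tomcat_fix_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*..*|*.) echo unknown; return 0 ;;  # not dotted digits
        *.*.*) ;;                                           # major.minor.patch
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=${rest%%.*}
    case "$major.$minor" in
        8.5) fixed_patch=96 ;;
        9.0) fixed_patch=83 ;;
        *) echo unknown; return 0 ;;   # no threshold given on this page
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then
        echo fixed
    else
        echo needs-upgrade
    fi
}

# Constructed sample of `version.sh` output, so the demo runs offline.
# Assumption: on a real host, pipe the install's bin/version.sh output instead.
sample='Server version: Apache Tomcat/9.0.82
Server number:  9.0.82.0'

number=$(printf '%s\n' "$sample" | tomcat_server_number)
echo "Tomcat $number: $(tomcat_fix_status "$number")"
```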
h3. Steps to Reproduce
h3. Expected Results
h3. Actual Results
h3. Workaround
To mitigate the issue, it is possible to manually upgrade Apache Tomcat by following the process described in the KB article below, but please note that this will place the application in an *unsupported state*:
*WARNING*: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Jira running over unofficial Tomcat versions.
Vendor | Product | Version | CPE |
---|---|---|---|
atlassian | jira_data_center | * | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |