Lucene search

3645502bbf60JRASERVER-78034

HistorySep 03, 2024 - 4:06 p.m.

org.springframework:spring-web used by Jira 9 contains vulnerabilities

2024-09-0316:06:06

3645502bbf60

jira.atlassian.com

jira 9

org.springframework

spring-web

vulnerabilities

cve-2024-38808

atlassian.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON

Jira 9 and possibly the upcoming Jira 10 are affected by CVE-2024-38808.

https://spring.io/security/cve-2024-38808
https://asecurityteam.atlassian.net/browse/VULN-1409329

Affected configurations

Vulners

Node

atlassianjira_data_centerRange≤9.17.2

VendorProductVersionCPE
atlassianjira_data_center*cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira_data_center	*	cpe:2.3:a:atlassian:jira_data_center::::::::

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON

Related for JRASERVER-78034