Page tree

You are on the Xporter Server documentation. If you are looking for Xporter Cloud documentation, you can find it in this page.

Skip to end of metadata
Go to start of metadata
We recommend the update of Xporter for Jira Server & Data Center to the 6.9.7 - latest version.

Xporter for Jira Server and Data Center - Remote Code Execution on Templates export

Summary

Remote Code Execution on Templates export

Advisory Release Date

 10:00 AM CET 

Product

Xporter for Jira Server & Data Center

Affected on Xporter for Jira Server & Jira Data Center Versions

Jira 8: 6.9.6 and earlier

Jira 7: 6.9.6-j7 and earlier

Fixed on Xporter Jira Server & Jira Data Center Versions

Jira 8: 6.9.7 and later

Jira 7: 6.9.7-j7 and later

Summary of Vulnerability

This advisory discloses a security vulnerability classified as critical that was present in Xporter for Jira Server & Data Center. Versions of Jira Server & Data Center affected by this vulnerability:

  • 6.9.6 and earlier (fixed in 6.9.7 and later).

Customers who have upgraded Xporter for Jira Server & Data Center to version 6.9.7 or higher are not affected.

Customers who are on any of the affected versions, upgrade your Xporter for Jira Server & Data Center installations immediately to fix this vulnerability.

Severity

We rate the severity level of this vulnerability as critical, according to the scale published in Bugcrowd’s Vulnerability Rating Taxonomy. The scale allows us to rank the severity as critical, high, moderate, or low.

This is our assessment and you should evaluate its applicability to your own IT environment.


Description

We detected a Remote Code Execution vulnerability on the Template export.

The issue can be tracked here: 

XPORTER-3966 - Getting issue details... STATUS


Fix

We have released Xporter for Jira Server & DC version 6.9.7 which is available for upgrade through the Atlassian Marketplace.


What You Need to Do

Upgrade

You can upgrade to the latest version of Xporter for Jira Server & Data Center using the Universal Plugin Manager as explained in Updating apps

Support

If you have questions or concerns regarding this advisory, please raise a support request here.

  • No labels