⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2010-1165 — Code Injection in Atlassian Jira
Severity
9.0 CRITICAL (NVD)
EPSS
4.8%
top 10.45%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Apr 20
Latest update: May 2
Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
CVSS vector
AV:N/AC:L/C:C/I:C/A:C
Exploitability: 8.0 | Impact: 10.0