cbcvebase.
CVE-2010-1165
published 2010-04-20


Priority: P269, critical, 9 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 4.44% (90.2th percentile)

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Affected

14 ranges
Vendor     Product  Version range  Fixed in
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira
atlassian  jira

CVSS provenance

nvd        v2.0  9.0  CRITICAL  AV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck        9.0  CRITICAL