cbcvebase.
CVE-2014-2314
published 2014-03-09

CVE-2014-2314: Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via…

PriorityP348medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
26.15%
97.7th percentile
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Affected

4 ranges
VendorProductVersion rangeFixed in
atlassianjira<= 6.0.3
atlassianjira
atlassianjira
atlassianjira

Detection & IOCsextracted from sources · hover to see the quote

url/rest/collectors/1.0/tempattachment/<COLLECTOR_ID>
path..\..\..\..\..\..\
pathC:\Program Files\Atlassian\JIRA\atlassian-jira\QhVRutsh.jsp
pathC:\Program Files\Atlassian\Application Data\JIRA\caches\tmp_attachments\
port8080
  • Monitor HTTP POST requests to the JIRA Issue Collector REST endpoint (/rest/collectors/1.0/tempattachment/) where the 'filename' query parameter contains directory traversal sequences (e.g., '..\')
  • A successful exploit results in a JSP webshell being written to the JIRA web root (atlassian-jira folder); monitor for unexpected .jsp file creation under the JIRA installation directory
  • The exploit targets JIRA versions prior to 6.0.4; check the JIRA version string in HTTP responses to identify unpatched instances
  • A default traversal depth of 6 levels ('..\' repeated 6 times) is used in the filename parameter to escape from the tmp_attachments directory to the Atlassian installation root; use this pattern in WAF/IDS signatures
  • ·The exploit is only applicable to Windows environments; the directory traversal uses backslash ('\') separators and targets Windows file paths, so Linux/Unix JIRA deployments are not affected by this specific exploitation technique
  • ·The Metasploit module requires a valid Collector ID (COLLECTOR option) to be specified; the attack is scoped to an existing Issue Collector instance on the target JIRA server
  • ·The default JIRA web folder path assumed by the exploit is 'JIRA\atlassian-jira' relative to the Atlassian installation directory; non-default installation paths will require adjusting the JIRA_PATH advanced option
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.