CVE-2014-2314
published 2014-03-09CVE-2014-2314: Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via…
PriorityP348medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
26.15%
97.7th percentile
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | jira | <= 6.0.3 | — |
| atlassian | jira | — | — |
| atlassian | jira | — | — |
| atlassian | jira | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP POST requests to the JIRA Issue Collector REST endpoint (/rest/collectors/1.0/tempattachment/) where the 'filename' query parameter contains directory traversal sequences (e.g., '..\') ↗
- →A successful exploit results in a JSP webshell being written to the JIRA web root (atlassian-jira folder); monitor for unexpected .jsp file creation under the JIRA installation directory ↗
- →The exploit targets JIRA versions prior to 6.0.4; check the JIRA version string in HTTP responses to identify unpatched instances ↗
- →A default traversal depth of 6 levels ('..\' repeated 6 times) is used in the filename parameter to escape from the tmp_attachments directory to the Atlassian installation root; use this pattern in WAF/IDS signatures ↗
- ·The exploit is only applicable to Windows environments; the directory traversal uses backslash ('\') separators and targets Windows file paths, so Linux/Unix JIRA deployments are not affected by this specific exploitation technique ↗
- ·The Metasploit module requires a valid Collector ID (COLLECTOR option) to be specified; the attack is scoped to an existing Issue Collector instance on the target JIRA server ↗
- ·The default JIRA web folder path assumed by the exploit is 'JIRA\atlassian-jira' relative to the Atlassian installation directory; non-default installation paths will require adjusting the JIRA_PATH advanced option ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
JIRA Issues Collector - Directory Traversal (Metasploit)
exploitdb·2014-04-07
CVE-2014-2314 JIRA Issues Collector - Directory Traversal (Metasploit)
JIRA Issues Collector - Directory Traversal (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'JIRA Issues Collector Directory Traversal',
'Description' => %q{
This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists
in the issues collector code, while handling attachments provided by the user. It can be
exploited in Windows environments to get remote code execution. This module has been tested
successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
},
'Author' =>
[
'Philippe Arteau', # Vulnerability Discovery
'juan vazquez' # Metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2014-2314'],
[ '
Metasploit
JIRA Issues Collector Directory Traversal
metasploit
JIRA Issues Collector Directory Traversal
JIRA Issues Collector Directory Traversal
This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This module has been tested successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
No writeups or analysis indexed.
http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.htmlhttp://www.exploit-db.com/exploits/32725https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.htmlhttp://www.exploit-db.com/exploits/32725https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
2014-03-09
Published