Jira Service Desk Server and Data Center Vulnerability Security Advisory

Published: 2019-11-11

Vulnerability IDs and Severity


CVE ID: CVE-2019-15003, Severity: High, CVSS score: not officially rated

CVE ID: CVE-2019-15004, Severity: High, CVSS score: not officially rated


Affected Versions


Jira Service Desk Server and Jira Service Desk Data Center

version < 3.9.17

3.10.0 <= version < 3.16.11

4.0.0 <= version < 4.2.6

4.3.0 <= version < 4.3.5

4.4.0 <= version < 4.4.3

4.5.0 <= version < 4.5.1
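
The affected ranges above leave gaps (for example 3.9.17 up to 3.10.0, and 4.2.6 up to 4.3.0) that are easy to misread during an inventory review. The following is an added example, not part of the original advisory: a small checker that takes an installed version string and returns the first fixed release in its line, or nothing if the version is outside every listed range. The host names, the sample inventory and the handling of a trailing build suffix are assumptions made for illustration.

```python
import re

# Ranges transcribed from the "Affected Versions" list above:
# (inclusive lower bound or None, first fixed version = exclusive upper bound)
AFFECTED_RANGES = [
    (None, (3, 9, 17)),
    ((3, 10, 0), (3, 16, 11)),
    ((4, 0, 0), (4, 2, 6)),
    ((4, 3, 0), (4, 3, 5)),
    ((4, 4, 0), (4, 4, 3)),
    ((4, 5, 0), (4, 5, 1)),
]


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a tuple; any trailing suffix is ignored (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def fixed_release_for(version_text):
    """Return the first fixed version ('X.Y.Z') if the version is affected, else None."""
    v = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or v >= low) and v < fixed:
            return ".".join(map(str, fixed))
    return None


def audit(inventory):
    """Map host -> fixed release to install, listing affected hosts only."""
    findings = {}
    for host, version in inventory.items():
        fixed = fixed_release_for(version)
        if fixed is not None:
            findings[host] = fixed
    return findings


if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    sample = {"sd-prod": "4.2.5", "sd-test": "4.5.1",
              "sd-old": "3.9.2", "sd-dr": "3.16.11"}
    for host, fixed in audit(sample).items():
        print(f"{host}: affected, upgrade to {fixed} or later")
```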


Vulnerability Overview


Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of the Australian company Atlassian. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system. The system is mainly used to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk. The following vulnerabilities exist:


Information disclosure vulnerability CVE-2019-15003 and path traversal vulnerability CVE-2019-15004. By exploiting these vulnerabilities, an attacker can view all issues in all Jira projects contained in a vulnerable instance. This may include Jira Service Desk projects, Jira Core projects and Jira Software projects.


Vulnerability Verification


No PoC/EXP is available at this time.


Remediation Recommendations


The vendor has released updates, as follows:


4.5.1 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update

4.4.3 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update

4.3.5 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update

4.2.6 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update

3.16.11 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update

3.9.17 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update


Mitigations:


CVE-2019-15003


1. At the reverse proxy or load balancer level, block requests to Jira that contain jspa, jspx, jsp, or configure Jira to redirect requests containing jspa, jspx, jsp to a safe URL


2. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml; after saving the change, restart Jira:





CVE-2019-15004


1. At the reverse proxy or load balancer level, block requests to Jira that contain .., or configure Jira to redirect requests containing .. to a safe URL


2. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml; after saving the change, restart Jira:





References


https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html