CVE-2010-1165

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Published: Apr 20, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-1165
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
atlassian / jira	3.13.2	3.13.2.x
atlassian / jira	4.0.2	4.0.2.x
atlassian / jira	3.12	3.12.x
atlassian / jira	4.0.1	4.0.1.x
atlassian / jira	4.1	4.1.x
atlassian / jira	3.13.3	3.13.3.x
atlassian / jira	3.12.3	3.12.3.x
atlassian / jira	3.13.5	3.13.5.x
atlassian / jira	3.13.1	3.13.1.x
atlassian / jira	3.12.2	3.12.2.x
atlassian / jira	3.12.1	3.12.1.x
atlassian / jira	3.13.4	3.13.4.x
atlassian / jira	3.13	3.13.x
atlassian / jira	4.0	4.0.x

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16
http://jira.atlassian.com/browse/JRA-20995
http://jira.atlassian.com/browse/JRA-21004
http://secunia.com/advisories/39353
http://www.openwall.com/lists/oss-security/2010/04/16/3
http://www.openwall.com/lists/oss-security/2010/04/16/4
http://www.securityfocus.com/bid/39485
https://exchange.xforce.ibmcloud.com/vulnerabilities/57828

Vulnerability Database

290,020

CVE-2010-1165