Jira Desk Server and Data Center Vulnerability Security Advisory
Published: 2019-11-11
Vulnerability IDs and severity
CVE ID: CVE-2019-15003, Severity: High, CVSS score: not officially rated
CVE ID: CVE-2019-15004, Severity: High, CVSS score: not officially rated
Affected versions
Jira Service Desk Server and Jira Service Desk Data Center
version < 3.9.17
3.10.0 <= version < 3.16.11
4.0.0 <= version < 4.2.6
4.3.0 <= version < 4.3.5
4.4.0 <= version < 4.4.3
4.5.0 <= version < 4.5.1
Vulnerability overview
Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of the Australian company Atlassian. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system. The system is mainly used to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk. The following vulnerabilities exist:
An information disclosure vulnerability (CVE-2019-15003) and a path traversal vulnerability (CVE-2019-15004). By exploiting them, an attacker can view all issues in all Jira projects contained in the vulnerable instance. This may include Jira Service Desk projects, Jira Core projects and Jira Software projects.
Vulnerability verification
No PoC/EXP is currently available.
Remediation recommendations
The vendor has released updates, as follows:
4.5.1 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
4.4.3 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
4.3.5 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
4.2.6 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
3.16.11 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
3.9.17 can be downloaded from https://www.atlassian.com/software/jira/service-desk/update
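A version check built from the affected ranges and fixed releases listed above, as an added example that is not part of the original advisory or of Atlassian's tooling. The inventory hostnames and versions are constructed, and the input is assumed to be the Jira Service Desk application version string (not the underlying Jira platform version).

```python
import re

# Affected ranges from this advisory: (first affected, first fixed) per release line.
# A lower bound of None means "every version below the fix" (the "< 3.9.17" row).
AFFECTED_RANGES = [
    (None, (3, 9, 17)),
    ((3, 10, 0), (3, 16, 11)),
    ((4, 0, 0), (4, 2, 6)),
    ((4, 3, 0), (4, 3, 5)),
    ((4, 4, 0), (4, 4, 3)),
    ((4, 5, 0), (4, 5, 1)),
]


def parse_version(text):
    """Parse 'X.Y.Z' (optionally followed by a suffix such as '-m0003') into a tuple."""
    match = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def check_version(text):
    """Return (affected, fixed_release_or_None) for a Service Desk version string."""
    version = parse_version(text)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or version >= low) and version < fixed:
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    inventory = {
        "sd-prod": "4.4.2",
        "sd-test": "4.5.1",
        "sd-legacy": "3.9.16",
        "sd-dr": "3.16.11",
    }
    for host, version in sorted(inventory.items()):
        affected, fixed = check_version(version)
        status = f"AFFECTED, fixed in {fixed}" if affected else "not in an affected range"
        print(f"{host:10} {version:8} {status}")
```
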
Mitigations:
CVE-2019-15003
1. Block requests to Jira containing jspa, jspx, jsp at the reverse proxy or load balancer level, or configure Jira to redirect requests containing jspa, jspx, jsp to a safe URL
2. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml, save the change, then restart Jira:
CVE-2019-15004
1. Block requests to Jira containing .. at the reverse proxy or load balancer level, or configure Jira to redirect requests containing .. to a safe URL
2. Add the following to the <urlrewrite> section of [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml, save the change, then restart Jira:
Reference links
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html

