CyberSec.Space Logo
Back to CVE Browser

CVE-2017-5983

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile5.69th
PublishedApr 10, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Affected Platforms (CPE)

πŸ“¦
Atlassian

Jira

= 4.2.4
πŸ“¦
Atlassian

Jira

= 4.3
πŸ“¦
Atlassian

Jira

= 4.3.1
πŸ“¦
Atlassian

Jira

= 4.3.2
πŸ“¦
Atlassian

Jira

= 4.3.3
πŸ“¦
Atlassian

Jira

= 4.3.4
πŸ“¦
Atlassian

Jira

= 4.4
πŸ“¦
Atlassian

Jira

= 4.4.1
πŸ“¦
Atlassian

Jira

= 4.4.2
πŸ“¦
Atlassian

Jira

= 4.4.3
πŸ“¦
Atlassian

Jira

= 4.4.4
πŸ“¦
Atlassian

Jira

= 4.4.5
πŸ“¦
Atlassian

Jira

= 5.0
πŸ“¦
Atlassian

Jira

= 5.0.1
πŸ“¦
Atlassian

Jira

= 5.0.2
πŸ“¦
Atlassian

Jira

= 5.0.3
πŸ“¦
Atlassian

Jira

= 5.0.4
πŸ“¦
Atlassian

Jira

= 5.0.5
πŸ“¦
Atlassian

Jira

= 5.0.7
πŸ“¦
Atlassian

Jira

= 5.1
πŸ“¦
Atlassian

Jira

= 5.1.1
πŸ“¦
Atlassian

Jira

= 5.1.2
πŸ“¦
Atlassian

Jira

= 5.1.3
πŸ“¦
Atlassian

Jira

= 5.1.4
πŸ“¦
Atlassian

Jira

= 5.1.5
πŸ“¦
Atlassian

Jira

= 5.1.6
πŸ“¦
Atlassian

Jira

= 5.1.7
πŸ“¦
Atlassian

Jira

= 5.1.8
πŸ“¦
Atlassian

Jira

= 5.2
πŸ“¦
Atlassian

Jira

= 5.2.1
πŸ“¦
Atlassian

Jira

= 5.2.2
πŸ“¦
Atlassian

Jira

= 5.2.3
πŸ“¦
Atlassian

Jira

= 5.2.4
πŸ“¦
Atlassian

Jira

= 5.2.5
πŸ“¦
Atlassian

Jira

= 5.2.6
πŸ“¦
Atlassian

Jira

= 5.2.7
πŸ“¦
Atlassian

Jira

= 5.2.8
πŸ“¦
Atlassian

Jira

= 5.2.9
πŸ“¦
Atlassian

Jira

= 5.2.10
πŸ“¦
Atlassian

Jira

= 5.2.11
πŸ“¦
Atlassian

Jira

= 6.0
πŸ“¦
Atlassian

Jira

= 6.0.1
πŸ“¦
Atlassian

Jira

= 6.0.2
πŸ“¦
Atlassian

Jira

= 6.0.3
πŸ“¦
Atlassian

Jira

= 6.0.4
πŸ“¦
Atlassian

Jira

= 6.0.5
πŸ“¦
Atlassian

Jira

= 6.0.7
πŸ“¦
Atlassian

Jira

= 6.0.8
πŸ“¦
Atlassian

Jira

= 6.1
πŸ“¦
Atlassian

Jira

= 6.1.1
πŸ“¦
Atlassian

Jira

= 6.1.2
πŸ“¦
Atlassian

Jira

= 6.1.3
πŸ“¦
Atlassian

Jira

= 6.1.4
πŸ“¦
Atlassian

Jira

= 6.1.5
πŸ“¦
Atlassian

Jira

= 6.1.6
πŸ“¦
Atlassian

Jira

= 6.1.7
πŸ“¦
Atlassian

Jira

= 6.1.8
πŸ“¦
Atlassian

Jira

= 6.1.9
πŸ“¦
Atlassian

Jira

= 6.2
πŸ“¦
Atlassian

Jira

= 6.2.1
πŸ“¦
Atlassian

Jira

= 6.2.2
πŸ“¦
Atlassian

Jira

= 6.2.3
πŸ“¦
Atlassian

Jira

= 6.2.4
πŸ“¦
Atlassian

Jira

= 6.2.5
πŸ“¦
Atlassian

Jira

= 6.2.6
πŸ“¦
Atlassian

Jira

= 6.2.7

References & Advisories

πŸ”— http://codewhitesec.blogspot.com/2017/04/amf.html
πŸ”— http://www.securityfocus.com/bid/97379
πŸ”— https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html
πŸ”— https://jira.atlassian.com/browse/JRASERVER-64077
πŸ”— https://www.kb.cert.org/vuls/id/307983
πŸ”— http://codewhitesec.blogspot.com/2017/04/amf.html
πŸ”— http://www.securityfocus.com/bid/97379
πŸ”— https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html

Related Vulnerabilities

CVE-2019-165419.9

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing ...

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...