CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-5983

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile5.69th
Published2017年4月10日
Last Modified2026年5月13日

Vulnerability Description

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

Affected Platforms (CPE)

📦
Atlassian

Jira

= 4.2.4
📦
Atlassian

Jira

= 4.3
📦
Atlassian

Jira

= 4.3.1
📦
Atlassian

Jira

= 4.3.2
📦
Atlassian

Jira

= 4.3.3
📦
Atlassian

Jira

= 4.3.4
📦
Atlassian

Jira

= 4.4
📦
Atlassian

Jira

= 4.4.1
📦
Atlassian

Jira

= 4.4.2
📦
Atlassian

Jira

= 4.4.3
📦
Atlassian

Jira

= 4.4.4
📦
Atlassian

Jira

= 4.4.5
📦
Atlassian

Jira

= 5.0
📦
Atlassian

Jira

= 5.0.1
📦
Atlassian

Jira

= 5.0.2
📦
Atlassian

Jira

= 5.0.3
📦
Atlassian

Jira

= 5.0.4
📦
Atlassian

Jira

= 5.0.5
📦
Atlassian

Jira

= 5.0.7
📦
Atlassian

Jira

= 5.1
📦
Atlassian

Jira

= 5.1.1
📦
Atlassian

Jira

= 5.1.2
📦
Atlassian

Jira

= 5.1.3
📦
Atlassian

Jira

= 5.1.4
📦
Atlassian

Jira

= 5.1.5
📦
Atlassian

Jira

= 5.1.6
📦
Atlassian

Jira

= 5.1.7
📦
Atlassian

Jira

= 5.1.8
📦
Atlassian

Jira

= 5.2
📦
Atlassian

Jira

= 5.2.1
📦
Atlassian

Jira

= 5.2.2
📦
Atlassian

Jira

= 5.2.3
📦
Atlassian

Jira

= 5.2.4
📦
Atlassian

Jira

= 5.2.5
📦
Atlassian

Jira

= 5.2.6
📦
Atlassian

Jira

= 5.2.7
📦
Atlassian

Jira

= 5.2.8
📦
Atlassian

Jira

= 5.2.9
📦
Atlassian

Jira

= 5.2.10
📦
Atlassian

Jira

= 5.2.11
📦
Atlassian

Jira

= 6.0
📦
Atlassian

Jira

= 6.0.1
📦
Atlassian

Jira

= 6.0.2
📦
Atlassian

Jira

= 6.0.3
📦
Atlassian

Jira

= 6.0.4
📦
Atlassian

Jira

= 6.0.5
📦
Atlassian

Jira

= 6.0.7
📦
Atlassian

Jira

= 6.0.8
📦
Atlassian

Jira

= 6.1
📦
Atlassian

Jira

= 6.1.1
📦
Atlassian

Jira

= 6.1.2
📦
Atlassian

Jira

= 6.1.3
📦
Atlassian

Jira

= 6.1.4
📦
Atlassian

Jira

= 6.1.5
📦
Atlassian

Jira

= 6.1.6
📦
Atlassian

Jira

= 6.1.7
📦
Atlassian

Jira

= 6.1.8
📦
Atlassian

Jira

= 6.1.9
📦
Atlassian

Jira

= 6.2
📦
Atlassian

Jira

= 6.2.1
📦
Atlassian

Jira

= 6.2.2
📦
Atlassian

Jira

= 6.2.3
📦
Atlassian

Jira

= 6.2.4
📦
Atlassian

Jira

= 6.2.5
📦
Atlassian

Jira

= 6.2.6
📦
Atlassian

Jira

= 6.2.7

References & Advisories

🔗 http://codewhitesec.blogspot.com/2017/04/amf.html
🔗 http://www.securityfocus.com/bid/97379
🔗 https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html
🔗 https://jira.atlassian.com/browse/JRASERVER-64077
🔗 https://www.kb.cert.org/vuls/id/307983
🔗 http://codewhitesec.blogspot.com/2017/04/amf.html
🔗 http://www.securityfocus.com/bid/97379
🔗 https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html

相关漏洞威胁

CVE-2019-165419.9

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing ...

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...