{"containers": {"cna": {"affected": [{"product": "Jira", "vendor": "Atlassian", "versions": [{"lessThan": "7.6.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "7.7.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.8.0", "versionType": "custom"}, {"lessThan": "7.8.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-04-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-12T09:57:02.000Z", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"name": "103730", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103730"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.atlassian.com/browse/JRASERVER-67107"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2018-04-10T00:00:00", "ID": "CVE-2017-18101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira", "version": {"version_data": [{"version_affected": "<", "version_value": "7.6.5"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": "<", "version_value": "7.7.3"}, {"version_affected": ">=", "version_value": "7.8.0"}, {"version_affected": "<", "version_value": "7.8.3"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control (CWE-284)"}]}]}, "references": {"reference_data": [{"name": "103730", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103730"}, {"name": "https://jira.atlassian.com/browse/JRASERVER-67107", "refsource": "CONFIRM", "url": "https://jira.atlassian.com/browse/JRASERVER-67107"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:48.218Z"}, "title": "CVE Program Container", "references": [{"name": "103730", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103730"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-67107"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2017-18101", "datePublished": "2018-04-10T13:00:00.000Z", "dateReserved": "2018-02-01T00:00:00.000Z", "dateUpdated": "2024-09-16T17:19:13.139Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "3517B751-F490-40D0-9612-F64511DA1D81", "versionEndExcluding": "7.6.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0281160-9946-46A0-A6FC-B63971CFDEA0", "versionEndExcluding": "7.7.3", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBBB1C9A-EB14-4C67-8077-D97CEE12525F", "versionEndExcluding": "7.8.3", "versionStartIncluding": "7.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks."}, {"lang": "es", "value": "Varos recursos administrativos de importaci\u00f3n de sistema externo en Atlassian JIRA Server (incluyendo JIRA Core), en versiones anteriores a la 7.6.5, de la versi\u00f3n 7.7.0 antes de la 7.7.3, de la versi\u00f3n 7.8.0 anterior a la 7.8.3 y antes de la versi\u00f3n 7.9.0, permite que atacantes remotos ejecuten operaciones de importaci\u00f3n y determinen si existe un servicio interno a trav\u00e9s de la falta de comprobaci\u00f3n de permisos."}], "id": "CVE-2017-18101", "lastModified": "2024-11-21T03:19:21.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-10T13:29:00.383", "references": [{"source": "security@atlassian.com", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/103730"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-67107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/103730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-67107"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@atlassian.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}