N/A

The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for various problematic OSWorkflow classes to be used as part of workflows. The fix for this issue blocks usage of unsafe conditions, validators, functions and registers that are build-in into OSWorkflow library and other Jira dependencies. Atlassian-made functions or functions provided by 3rd party plugins are not affected by this fix.

N/A

对生成代码的控制不恰当(代码注入)

Atlassian JIRA Server和Atlassian JIRA Data Center 代码注入漏洞

Atlassian JIRA Server和Atlassian JIRA Data Center都是澳大利亚Atlassian公司的产品。Atlassian JIRA Server是一套缺陷跟踪管理系统的服务器版本。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。Atlassian JIRA Data Center是Atlassian JIRA的数据中心版本。 多款 Atlassian 产品中存在代码注入漏洞，该漏洞源于产品的DefaultOSWorkflowConfigurator类存在逻辑问题。攻击

N/A

N/A