CVE-2017-5983

Published Apr 10, 2017
Last updated 3 months ago
CVSS critical 9.8
Overview

Description: The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-502
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E72FD8F4-B47B-4D45-81BC-281C7C88BF64"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6392A0B-252B-4BE9-8381-882364CAF93D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5022C4F9-48A7-4995-994A-455F545CDB8F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A8EC6B1-A57B-4277-B904-CFFC2B1B8630"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1F805A3-631D-4667-BF72-62A3DDDCDB2D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EDB91B1-7D20-4BCC-A512-6F75EF70BE94"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B02481E-5E51-423E-A5E7-630EB3DA5F99"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3ED291F-4F1F-48BA-832C-A70B639BBDCD"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C402D0FF-E479-480A-BB01-7932CF2BF2E0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "395E3ED3-3DA5-40A6-B932-36F9BF13FD76"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41F1DD46-4FBD-40BC-B276-51C2B239BC4B"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:4.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82FC7263-D0E3-490A-9DF6-ED89051354A4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CB09662-5926-4AE5-BF22-B082ED223A46"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B83D3C97-BA63-44FB-8449-220AA6B31CC8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7ED8C91-7225-439E-BEC6-BC8E23D86041"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F181716D-3B1E-493C-A92D-D02E90922EE2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B86AA59-2C88-4113-85B1-0F8404155ED3"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25DAF540-7BB4-4325-9438-74F9F738519B"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D9E7034-3F9E-4CE3-81D0-6EB2E62F0437"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3046E68-3839-4B96-83B1-4F14AFFD8DF5"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65CB7DB0-F3CA-4037-A5FF-5D7F6678B314"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A58D60-1085-4E64-8706-8EC8686D4904"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00339DCD-824D-46FA-9EFD-E4835BC7F52C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED7C6417-0212-489D-9324-2C653E32566A"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C61E4B1-69D4-4278-B404-39293751033F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8790F9F-C124-410A-BEE5-241341C5CA57"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C60F705C-ECF9-4F48-BE4C-CCB9E88E018B"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F008971D-88E6-4D60-8755-294FD157FBF2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A224603-11AA-491D-9A06-8D573FEDDC83"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5117735-A248-44DD-B2B5-0A1D5CFB4977"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA863005-6CD1-4FEC-8A1A-6E62FC76952D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "417098AA-30D0-4915-ACF8-135F59EB1493"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "693A0FEF-0803-419C-A718-DE80B984BA9D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C401B65-113B-4046-8D36-7F139D05A4B7"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5AFE657-35A1-4F22-839C-4E2D89C78DA1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7605C1DD-D26E-4ACF-8915-A2717079198C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9720C8C4-36A4-4C8B-BB4B-1D1765C76728"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B79812D-7367-4D71-8B74-77785FAC9874"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A45A0EB-99CB-4EE9-BFBB-664D0AE91981"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:5.2.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D006394-43B4-4250-87F5-38A2511BC0AE"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B83446EB-1A2B-4803-9D2A-DBF37A99C96C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5989726-B934-4FF1-AB54-7DC77AC2C6EF"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D910A750-B5AB-48F1-9A33-0895901E0522"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCBB6BD7-5A95-4A8C-9965-F07A29C85AEF"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B482A552-EF34-4089-8A64-797D8C9BBE43"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F8F311F-B327-4541-BA23-C8CF578861B6"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E729C6C-799F-4574-B560-51DB7F58C3AC"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8717780D-1A19-4EE4-A526-6216EA360596"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FC850FE-63C9-4E6D-8B14-C8A2224E3FF0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E129240D-BCC6-4EEF-820A-CF8EF835FE01"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAD25985-0587-4DD8-A6BD-DE610CB01175"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E2A1992-5247-4978-856A-4BAF064651F2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8003B5E4-597A-4914-96D5-14C8DEAE9ED8"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BAE2AA2-A436-4F86-B775-DD358FA82FCB"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C182FE8-BA50-4782-8D04-825F57DDC5E9"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243F34D7-287A-419C-B709-74869E55402C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE4DE2F6-B3E1-45CA-A1F7-08691FD13FE4"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AED81FE-B027-4114-9A76-7F6B8A06A6BC"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "807D2B66-FE4F-4C83-A8C9-76F874C746BB"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E21E5768-4A73-431D-9720-55C120BA0C6D"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4715D04C-DC1D-42EA-AEB4-29E935DF34D1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352372E1-FA78-4D5F-B6B3-CA7F547BD7BC"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254BC1E2-0E41-46EB-9E13-9BEF69B1D786"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E6E7BAD-1781-44FF-A347-64498630A26F"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B61076B-547D-4878-BDA0-C028820DA37C"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:6.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8617A24-1894-48C7-8B05-0403183179E6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
