JiraδÊÚȨЧÀͶËÄ£°å×¢ÈëÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-15

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-11581£¬£¬ £¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬ £¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


AtlassianJira 4.4.x

AtlassianJira 5.x.x

AtlassianJira 6.x.x

AtlassianJira 7.0.x

AtlassianJira 7.1.x

AtlassianJira 7.2.x

AtlassianJira 7.3.x

AtlassianJira 7.4.x

AtlassianJira 7.5.x

AtlassianJira 7.6.x < 7.6.14

AtlassianJira 7.7.x

AtlassianJira 7.8.x

AtlassianJira 7.9.x

AtlassianJira 7.10.x

AtlassianJira 7.11.x

AtlassianJira 7.12.x

AtlassianJira 7.13.x < 7.13.5

AtlassianJira 8.0.x < 8.0.3

AtlassianJira 8.1.x < 8.1.2

AtlassianJira 8.2.x < 8.2.3


©¶´¸ÅÊö


Atlassian JiraÊÇ°Ä´óÀûÑÇAtlassian¹«Ë¾µÄÒ»Ì×ȱÏݸú×ÙÖÎÀíϵͳ¡£¡£¡£¡£¸ÃϵͳÖ÷ÒªÓÃÓÚ¶ÔÊÂÇéÖÐÖÖÖÖÎÊÌ⡢ȱÏݾÙÐиú×ÙÖÎÀí¡£¡£¡£¡£


Atlassian Jira ServerºÍJira Data Center±£´æЧÀͶËÄ£°å×¢ÈëÎó²î¡£¡£¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õß¿ÉÔÚÔËÐÐÊÜÓ°Ïì°æ±¾µÄJira Server»òJira Data CenterµÄϵͳÉÏÖ´ÐÐí§ÒâÏÂÁî¡£¡£¡£¡£


µÚÒ»ÖÖÇéÐΣ¬£¬ £¬£¬£¬JiraЧÀͶËÒÑÉèÖúÃSMTPЧÀÍÆ÷£¬£¬ £¬£¬£¬ÇÒ¡°ÁªÏµÖÎÀíÔ±±íµ¥¡±¹¦Ð§ÒÑ¿ªÆô¡£¡£¡£¡£(ĬÈÏÉèÖÃΪ¹Ø±Õ)


µÚ¶þÖÖÇéÐΣ¬£¬ £¬£¬£¬JiraЧÀͶËÒÑÉèÖúÃSMTPЧÀÍÆ÷£¬£¬ £¬£¬£¬ÇÒ¹¥»÷Õß¾ßÓÐ"JIRAÖÎÀíÔ±"µÄ»á¼ûȨÏÞ¡£¡£¡£¡£ÔÚµÚÒ»ÖÖÇéÐÎÏ£¬£¬ £¬£¬£¬¡°ÁªÏµÖÎÀíÔ±±íµ¥¡±¹¦Ð§¿ªÆôµÄÇéÐÎÏ£¬£¬ £¬£¬£¬¹¥»÷Õß¿ÉÒÔδ¾­ÈκÎÈÏÖ¤£¬£¬ £¬£¬£¬Í¨¹ýÏò/secure/ContactAdministrators.jspaÌᳫÇëÇóʹÓôËÎó²î¡£¡£¡£¡£ÔÚµÚ¶þÖÖÇéÐÎÏ£¬£¬ £¬£¬£¬¹¥»÷Õß¾ßÓÐ"JIRA ÖÎÀíÔ±"µÄ»á¼ûȨÏÞÏ¿Éͨ¹ý/secure/admin/SendBulkMail!default.jspaʹÓôËÎó²î¡£¡£¡£¡£


Á½ÖÖ´¥·¢·½·¨ÊµÖÊÔµ¹ÊÔ­Óɶ¼ÊÇ£ºatlassian-jira/WEB-INF/classes/com/atlassian/jira/web/action/user/ContactAdministratorsδ¶ÔSubject£¨ÓʼþÖ÷Ì⣩´¦¾ÙÐйýÂË£¬£¬ £¬£¬£¬Óû§´«ÈëµÄÓʼþÖ÷Ìâ±»¿´³Étemplate£¨Ä£°å£©Ö¸ÁîÖ´ÐС£¡£¡£¡£ÔÚÈκÎÒ»ÖÖÇéÐÎÏ£¬£¬ £¬£¬£¬ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷Õ߶¼¿ÉÔÚÔËÐÐÊÜÓ°Ïì°æ±¾µÄJira Server»òJira Data CenterµÄϵͳÉÏÖ´ÐÐí§ÒâÏÂÁî¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£


ÐÞ¸´½¨Òé


Ä¿Ç°ÒÑÐû²¼Ð°汾£¬£¬ £¬£¬£¬ÊÜÓ°ÏìµÄ°æ±¾Ò²ÒÑÐû²¼¸üС£¡£¡£¡£ÈçÕâЩ½â¾ö¼Æ»®¾ù²»¿ÉÐУ¬£¬ £¬£¬£¬¿ÉÔÝʱ½ÓÄÉÈçÏ»º½â²½·¥


1.½ûÓá°ÁªÏµÍøÕ¾ÖÎÀíÔ±¡±¹¦Ð§¡£¡£¡£¡£ÉèÖÃ-ϵͳ-±à¼­ÉèÖÃ-ÁªÏµÖÎÀíÔ±±íµ¥´¦Ñ¡Ôñ¡°¹Ø¡±£¬£¬ £¬£¬£¬È»ºóµã»÷×îÏÂÃæµÄ¡°¸üС±ÉúÑÄÉèÖᣡ£¡£¡£


Ïêϸ²Ù×÷·½·¨²Î¿¼£ºhttps://confluence.atlassian.com/adminjiraserver/configuring-the-administrator-contact-form-974375905.html#Configuringtheadministratorcontactform-DisablingtheContactAdministratorsForm


ÑéÖ¤ÉúЧҪÁ죺»á¼û/secure/ContactAdministrators!default.jspa·ºÆ𣺡°ÄúµÄJiraÖÎÀíÔ±ÉÐδÉèÖôËÁªÏµ±í¡£¡£¡£¡£¡±»ò¡°Your Jira administrator has not yetconfigured this contact form¡±¡£¡£¡£¡£


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


2.եȡ¶Ô/secure/admin/SendBulkMail!default.jspaµÄ»á¼û¡£¡£¡£¡£¿£¿£¿Éͨ¹ý¾Ü¾ø·´ÏòÊðÀí¡¢¸ºÔØƽºâÆ÷»òÖ±½Ó´ÓTomcat ×èµ²»á¼ûȨÏÞ£¬£¬ £¬£¬£¬×èÖ¹ÖÎÀíÔ±ÏòÓû§·¢ËÍÅúÁ¿Óʼþ¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html