
Atlassian urges its enterprise users to update their Jira products to patch a critical vulnerability tracked as CVE-2020-36239

Atlassian's Jira Data Center services are vulnerable to remote attackers executing arbitrary code. The bug stems from unrestricted access to the Ehcache RMI ports...

22-Jul-2021
3 min read

Atlassian encourages its enterprise customers to update their Jira Data Center and Jira Service Management products to patch a critical Jira vulnerability. The vulnerability, tracked as CVE-2020-36239, can give remote attackers the ability to execute arbitrary code because of a missing authorization check in Jira's use of an open-source component, Ehcache.

Remote code execution:

Atlassian disclosed the vulnerability yesterday: it allows unauthenticated attackers to execute arbitrary code in Jira Data Center products. The company notified all customers by email and urged them to upgrade their Jira installations as soon as possible.

Ehcache is a widely used open-source cache, adopted predominantly by Java applications to improve performance, scalability, and stability. The bug originated from unrestricted access to Ehcache's RMI ports. RMI stands for Remote Method Invocation, the Java counterpart of remote procedure calls (RPC): it lets a program invoke methods on remote objects, such as objects living inside an application running elsewhere on a shared network.

Several Jira products, including Jira Data Center, Jira Software Data Center, and Jira Service Management Data Center, expose an Ehcache RMI network service on ports 4000 and 4001. Remote threat actors can connect to these ports without any authentication and execute arbitrary code in Jira through Java object deserialization.

According to reports, the vulnerability does not affect non-Data Center editions of Jira Server. The company encouraged all its enterprise users to upgrade Jira Data Center and Jira Service Management Data Center to versions 8.5.16 and 4.5.16, respectively. Atlassian also published a security advisory that lists workarounds, including restricting network access to the RMI ports.
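The workaround Atlassian describes only helps if the RMI ports are actually unreachable from untrusted networks. The following script is an added example (not Atlassian's code and not from this article's author) that a defender can run from a segment that should have no path to Jira cluster traffic, such as a user VLAN, to confirm the restriction is in place. It only attempts a plain TCP connect to each port and reports whether the port accepted the connection; it sends no data. The port numbers are the ones named in this article, and the hostname in the usage section is a placeholder.

```python
"""Exposure check for the Ehcache RMI ports described in the article.

Added example, not Atlassian's code. A port reported as reachable from
a network segment that should not reach Jira cluster traffic means the
firewall or security-group workaround from the advisory is not applied.
"""
import socket
from typing import Dict, Iterable, List

# Ports named in the article for the Ehcache RMI service.
EHCACHE_RMI_PORTS = (4000, 4001)


def port_accepts_connection(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused, filtered (timed out), unreachable host, etc.
        return False


def check_rmi_exposure(host: str, ports: Iterable[int] = EHCACHE_RMI_PORTS,
                       timeout: float = 2.0) -> Dict[int, bool]:
    """Map each candidate port to whether it is reachable from this vantage point."""
    return {port: port_accepts_connection(host, port, timeout) for port in ports}


def exposure_findings(host: str, results: Dict[int, bool]) -> List[str]:
    """Turn raw reachability results into findings a defender can act on."""
    findings = []
    for port, reachable in sorted(results.items()):
        if reachable:
            findings.append(
                f"{host}:{port} accepts connections from this vantage point; "
                "restrict it to cluster nodes or upgrade to a fixed Jira version."
            )
        else:
            findings.append(f"{host}:{port} is not reachable from here.")
    return findings


if __name__ == "__main__":
    import sys
    # The default hostname is a placeholder; pass your own Jira Data Center nodes.
    targets = sys.argv[1:] or ["jira-node1.example.internal"]
    for target in targets:
        for line in exposure_findings(target, check_rmi_exposure(target)):
            print(line)
```

Run it once from inside the cluster network (where the ports should be reachable between nodes) and once from an untrusted segment (where they should not be); a port that is reachable in the second run is a finding to fix before relying on the workaround.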

The security advisory read, "From now, the fixed version of Jira will require a shared secret to access Ehcache service."