Vulnerability Details : CVE-2014-2314
Public exploit exists!
Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.
Vulnerability category: Directory traversal
Products affected by CVE-2014-2314
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2314
88.59%: probability of exploitation activity in the next 30 days
~ 99%: percentile, the proportion of vulnerabilities that are scored at or below this score
Metasploit modules for CVE-2014-2314
- JIRA Issues Collector Directory Traversal
  Disclosure Date: 2014-02-26
  First seen: 2020-04-26
  exploit/windows/http/jira_collector_traversal
  This module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This module has been tested
CVSS scores for CVE-2014-2314
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-2314
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2314
- http://blog.h3xstream.com/2014/02/jira-path-traversal-explained.html
  h3xStream's blog: Jira Path Traversal explained (CVE-2014-2314)
  Exploit
- https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
  JIRA Security Advisory 2014-02-26 - Atlassian Documentation
  Vendor Advisory
- http://www.exploit-db.com/exploits/32725
  JIRA Issues Collector - Directory Traversal (Metasploit) - Windows remote Exploit
  Exploit