| We recommend the update of Xray Test Management for Jira Server & Data Center to the 6.1.2.1 - latest version. |
| Summary | Remote Code Execution on Document Generator |
|---|---|
| Advisory Release Date | 10:00 AM CET |
| Product | Xray Test Management for Jira Server & Data Center |
Affected on Xray Test Management for Jira Server & Jira Data Center Versions |
|
Fixed on Xray Test Management Jira Server & Jira Data Center Versions |
|
This advisory discloses a security vulnerability classified as critical that was present in Xray Test Management for Jira Server & Data Center. Versions of Jira Server & Data Center affected by this vulnerability:
Customers who have upgraded Xray Test Management for Jira Server & Data Center to version 6.1.2.1 or higher are not affected.
Customers who are on any of the affected versions, upgrade your Xray Test Management for Jira Server & Data Center installations immediately to fix this vulnerability.
We rate the severity level of these vulnerabilities as critical, according to the scale published in Bugcrowd’s Vulnerability Rating Taxonomy. The scale allows us to rank the severity as critical, high, moderate, or low.
This is our assessment and you should evaluate its applicability to your own IT environment.
We detected a Remote Code Execution vulnerability on the Document Generator.
The issue can be tracked here:
We have released Xray for Jira Server & DC version 6.1.2.1 which is available for upgrade through the Atlassian Marketplace.
You can upgrade to the latest version of Xray for Jira Server & Data Center using the Universal Plugin Manager as explained in Updating apps.
If you have questions or concerns regarding this advisory, please raise a support request here.