Service Notices
Remote Code Execution Vulnerability in Multiple Products Such as Jira Data Center (CVE-2020-36239)
Jul 26, 2021 GMT+08:00
I. Overview
Atlassian disclosed a remote code execution vulnerability (CVE-2020-36239) in several of its products, including Jira Data Center and Jira Service Management Data Center. These products expose an Ehcache RMI network service, by default on port 40001. The service does not authenticate callers, so an attacker who can reach the port can execute arbitrary code on the Jira host through Java deserialization.
Jira is an issue tracking system used for defect management, task tracking, and project management. If you run Jira, check your Jira version against the ranges below and apply the hardening promptly.
Reference: Jira Data Center And Jira Service Management Data Center Security Advisory 2021-07-21
II. Severity
Severity: important
(Severity scale: low, moderate, important, critical)
III. Affected Products
Affected versions:
Jira Data Center, Jira Core Data Center, Jira Software Data Center ranges:
6.3.0 <= version < 8.5.16
8.6.0 <= version < 8.13.8
8.14.0 <= version < 8.17.0
Jira Service Management Data Center ranges:
2.0.2 <= version < 4.5.16
4.6.0 <= version < 4.13.8
4.14.0 <= version < 4.17.0
Secure versions:
Jira Data Center, Jira Core Data Center, Jira Software Data Center
Version 8.5.16 for 8.5.x LTS
Version 8.13.8 for 8.13.x LTS
Version 8.17.0
Jira Service Management Data Center
Version 4.5.16 for 4.5.x LTS
Version 4.13.8 for 4.13.x LTS
Version 4.17.0
IV. Security Recommendations
1. This vulnerability is fixed in the secure versions listed above. If your version falls into an affected range, upgrade to the fixed version for your release line (or to a later release).
2. If you cannot upgrade promptly, use a firewall or an equivalent network control to restrict access to the Ehcache RMI service port (40001 by default) so that only the other nodes of your Data Center cluster can reach it, as Atlassian suggests. This is a temporary measure; the unauthenticated service is still present until the upgrade is applied.
Note: Back up your data and test the change in a non-production environment before fixing the vulnerability.
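The following script is an added example for this notice and is not Atlassian's tooling. It encodes the affected ranges from section III so that an inventory of Jira Data Center versions can be checked mechanically (reporting which fixed version each affected node must move to), and it includes a plain TCP reachability check for the Ehcache RMI port to verify the firewall restriction from section IV from a host outside the cluster. The product keys `jira` and `jsm`, the function names, and the sample inventory are assumptions constructed for the example; the check sends nothing to the service.

```python
"""Check Jira Data Center versions against the CVE-2020-36239 affected ranges
and verify that the Ehcache RMI port is not reachable from untrusted hosts.

Added example for this notice (not Atlassian's code). The version ranges are
copied from the advisory above; product keys, function names and the sample
inventory at the bottom are constructed for illustration.
"""
import socket
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (affected lower bound, inclusive; affected upper bound, exclusive).
# The upper bound of each range is the fixed version for that release line.
AFFECTED_RANGES: Dict[str, List[Tuple[Version, Version]]] = {
    # Jira Data Center, Jira Core Data Center, Jira Software Data Center
    "jira": [
        ((6, 3, 0), (8, 5, 16)),
        ((8, 6, 0), (8, 13, 8)),
        ((8, 14, 0), (8, 17, 0)),
    ],
    # Jira Service Management Data Center
    "jsm": [
        ((2, 0, 2), (4, 5, 16)),
        ((4, 6, 0), (4, 13, 8)),
        ((4, 14, 0), (4, 17, 0)),
    ],
}


def parse_version(text: str) -> Version:
    """Turn '8.13.7' into (8, 13, 7); missing components count as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def check_version(product: str, version: str) -> Optional[str]:
    """Return the fixed version to upgrade to if `version` is affected, else None.

    Comparison is tuple-wise, so 8.13.7 < 8.13.8 and 8.5.16 itself is not
    affected. None only means the version is outside the ranges the advisory
    lists: a version older than the lowest bound (for example 6.2.x) is not
    covered by the list at all and should be upgraded regardless.
    """
    v = parse_version(version)
    for low, high in AFFECTED_RANGES[product]:
        if low <= v < high:
            return ".".join(str(n) for n in high)
    return None


def rmi_port_reachable(host: str, port: int = 40001, timeout: float = 3.0) -> bool:
    """True if a TCP connection to the Ehcache RMI port succeeds from this host.

    Run it from a machine that is NOT a cluster node after applying the
    firewall restriction; it should return False there. Only the TCP handshake
    is performed; nothing is sent to the service.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample inventory (product key, installed version), not real hosts.
    inventory = [("jira", "8.13.7"), ("jira", "8.5.16"), ("jsm", "4.13.6"), ("jira", "8.17.1")]
    for product, ver in inventory:
        fixed = check_version(product, ver)
        status = f"AFFECTED, upgrade to {fixed}" if fixed else "not in affected ranges"
        print(f"{product} {ver}: {status}")
    # Example exposure check against a hypothetical node address:
    # print(rmi_port_reachable("jira-node1.example.internal"))
```

Feed it the real versions from each node's System Info page; every node in a cluster must be on the same fixed version, so any single affected node means the cluster is still exposed. The reachability check is a sanity test of the firewall rule, not a vulnerability scan.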