=====================================================================
CERT-Renater Information Note No. 2011/VULN141
_____________________________________________________________________
DATE                  : 21/02/2011
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Systems running JIRA versions prior to 4.2.2.
======================================================================

http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2011-02-21
______________________________________________________________________

JIRA Security Advisory 2011-02-21

This advisory announces a security vulnerability that has been found and
fixed in all versions of JIRA prior to 4.2.2.

Enterprise Hosted customers should request an upgrade by filing a ticket
at http://support.atlassian.com. JIRA Studio is not vulnerable to any of
the issues described in this advisory.

Atlassian is committed to improving product security. The vulnerability
listed in this advisory has been discovered by Atlassian, unless noted
otherwise. The reporter may also have requested that we do not credit
them. If you have questions or concerns regarding this advisory, please
raise a support request at http://support.atlassian.com/.

In this advisory:

  * Parameter-Based Redirection Vulnerability
      o Severity
      o Risk Assessment
      o Vulnerability
      o Risk Mitigation
      o Fix

Parameter-Based Redirection Vulnerability

Severity

Atlassian rates this vulnerability as high, according to the scale
published in Severity Levels for Security Issues. The scale allows us to
rank a vulnerability as critical, high, moderate or low. This
vulnerability is not critical.

This is an independent assessment and you should evaluate its
applicability to your own IT environment.

Risk Assessment

Parameter-based redirection vulnerabilities allow an attacker to craft a
JIRA URL in such a way that a user clicking on this URL will be
redirected to a different web site. This can be used for phishing.

You can read more about link manipulation attacks at Wikipedia, and about
phishing at Fraud.org (http://www.fraud.org/tips/internet/phishing.htm)
and other places on the web.

Vulnerability

Some actions in JIRA redirect users to a new page after the action has
been completed. It was possible to hand-craft a URL that would redirect
to a site outside the current instance of JIRA. Starting with JIRA 4.2.2
all such redirections are limited to pages inside the current instance
of JIRA.

All versions of JIRA prior to 4.2.2 are affected.

Risk Mitigation

We recommend upgrading your JIRA installation to fix this vulnerability.
Please see the 'Fix' section below.

Fix

These issues have been fixed in JIRA 4.2.2 and later. The latest version
of JIRA is currently 4.2.4.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
CERT-RENATER              | tel  : 01-53-94-20-44
23 - 25 Rue Daviel        | fax  : 01-53-94-20-41
75013 Paris               | email: certsvp@renater.fr
=========================================================
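The advisory describes the fix in 4.2.2 only in one sentence: post-action redirections are now limited to pages inside the current JIRA instance. The following Python is an added illustration of that class of check, written for this note; it is not Atlassian's code and does not claim to match how JIRA implements it. The instance base URL, the function names and the candidate redirect targets are constructed for the example. It shows why a naive "starts with a slash" test is not enough: protocol-relative targets (`//host`), backslash variants, credentials in the authority part and `..` segments all have to be resolved against the instance base before the origin and context path are compared.

```python
from urllib.parse import urljoin, urlsplit

# Constructed example: the base URL of the JIRA instance, including its
# context path. Everything the redirect resolves to must stay under it.
INSTANCE_BASE = "https://jira.example.com/jira/"


def is_local_redirect(target: str, instance_base: str = INSTANCE_BASE) -> bool:
    """Return True only if `target` resolves to a page inside the instance.

    Hypothetical helper (not JIRA's own). Works on the resolved URL rather
    than on the raw string, so the usual open-redirect tricks are caught by
    the origin and context-path comparison instead of by a blacklist.
    """
    if not target:
        return False
    # Control characters or whitespace can smuggle a scheme or host past
    # string checks; reject the value rather than trying to clean it.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Browsers treat "/\evil.example" like "//evil.example"; normalise first.
    candidate = target.replace("\\", "/")

    parts = urlsplit(candidate)
    base = urlsplit(instance_base)

    if parts.scheme or parts.netloc:
        # An absolute or protocol-relative URL is only acceptable when it
        # names exactly our scheme and host, with no userinfo
        # ("https://jira.example.com@evil.example/" parses to host evil.example).
        try:
            same_origin = (
                parts.scheme == base.scheme
                and parts.username is None
                and parts.password is None
                and parts.hostname == base.hostname
                and parts.port == base.port
            )
        except ValueError:  # malformed port
            return False
        if not same_origin:
            return False

    # Resolve like a browser would (dot segments such as "/jira/../admin"
    # are collapsed here) and compare the result, not the input.
    resolved = urlsplit(urljoin(instance_base, candidate))
    if (resolved.scheme, resolved.netloc) != (base.scheme, base.netloc):
        return False

    # Stay under the instance's context path ("/jira/").
    base_path = base.path if base.path.endswith("/") else base.path + "/"
    return resolved.path == base_path.rstrip("/") or resolved.path.startswith(base_path)


def safe_redirect_target(
    target: str,
    instance_base: str = INSTANCE_BASE,
    default: str = "secure/Dashboard.jspa",
) -> str:
    """Return the URL to redirect to: the resolved target if it is local,
    otherwise a fixed in-instance landing page (constructed default)."""
    if is_local_redirect(target, instance_base):
        return urljoin(instance_base, target.replace("\\", "/"))
    return urljoin(instance_base, default)


if __name__ == "__main__":
    # Constructed candidate values of a redirect parameter.
    samples = [
        "secure/Dashboard.jspa",
        "/jira/browse/ABC-1",
        "https://jira.example.com/jira/browse/ABC-1",
        "http://evil.example/login",
        "//evil.example/login",
        "/\\evil.example/login",
        "https://jira.example.com@evil.example/",
        "/jira/../admin",
        "javascript:alert(1)",
    ]
    for sample in samples:
        print(f"{sample!r:50} local={is_local_redirect(sample)!s:5} -> {safe_redirect_target(sample)}")
```

The design choice worth noting is that the decision is made on the URL after resolution against the instance base, which is also where the upgrade's "pages inside the current instance" rule lands: anything that would leave the scheme, host or context path is replaced by a fixed local page rather than being passed through.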