According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities:
– An issue in the underlying Spring framework which permits an authenticated attacker to perform a STOMP over WebSocket attack.
– An issue in the underlying Spring framework, which mishandles file uploads and is vulnerable to a Denial of Service (DoS) if it relies on malicious data binding.
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.