Unrated severityNVD Advisory· Published Apr 20, 2010· Updated Apr 29, 2026
CVE-2010-1165
CVE-2010-1165
Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Affected products
14cpe:2.3:a:atlassian:jira:3.12:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:atlassian:jira:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:3.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-04-16nvdPatchVendor Advisory
- jira.atlassian.com/browse/JRA-21004nvdPatchVendor Advisory
- jira.atlassian.com/browse/JRA-20995nvdVendor Advisory
- secunia.com/advisories/39353nvdVendor Advisory
- www.openwall.com/lists/oss-security/2010/04/16/3nvd
- www.openwall.com/lists/oss-security/2010/04/16/4nvd
- www.securityfocus.com/bid/39485nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/57828nvd
News mentions
0No linked articles in our index yet.