What is CVE-2014-2314?

CVE-2014-2314 is a vulnerability in Atlassian Jira, classified under Path Traversal. Published 2014-03-09.

Is CVE-2014-2314 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Atlassian Jira

CVE-2014-2314

Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.657 (98.5th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira — versions 6.0, 6.0.1, 6.0.2
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
32725 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-2314?: CVE-2014-2314 is a vulnerability in Atlassian Jira, classified under Path Traversal. Published 2014-03-09.
Is CVE-2014-2314 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.