Jira virus / weird email

slsdeveloper July 22, 2019

We have been getting weird emails from Jira. 

The latest says:
"New message from Contact Administrators page"

From: test@gmail.com

 

I'm guessing this is some kind of virus in Jira. Did a little research on Friday and found that indeed Jira 8.1 is affected by a security vulnerability, so I upgraded to Jira 8.2 which we thought would fix the issue, but we are still getting messages like the one above.

 

Are there additional steps we need to take to clean this up?

Here's a link to the vulnerability I am referring to: https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html?_ga=2.86012056.1859175260.1563802723-293386627.1551381409&_gac=1.220991082.1562865782.CjwKCAjwvJvpBRAtEiwAjLuRPUnnh7Ap86Bf40H426NRKyb_SnBFlPv-uzHEQ5GyWfvT31s3j7oCLhoCq08QAvD_BwE

 

Thanks,

Jonathan

Answer accepted
Alexis Robert
Community Champion
July 22, 2019

Hi @slsdeveloper,

You can find on this page exactly what versions are affected by the vulnerability and which one to install. You should install version 8.2.3 or 8.2.4 for example.

Since this vulnerability is based on the Contact Administrators form as a way to breach the system, it may be the reason why you're getting these emails (scripts targeting Jira instances with the form enabled).

You can disable this form too, to avoid getting unwanted emails:

  • Disable the Contact Administrators Form and
  • Block the /secure/admin/SendBulkMail!default.jspa endpoint from being accessed. This can be achieved by denying access in the reverse-proxy, load balancer, or Tomcat directly (see instructions). Note that blocking the SendBulkMail endpoint will prevent Jira Administrators from being able to send bulk emails to users.

 

Let me know if this helps, 

 

--Alexis

slsdeveloper July 22, 2019

Thanks for your suggestions.  I'll check out your links and suggestions, and let you know how it goes.

 

Thanks,

- Jonathan

slsdeveloper July 22, 2019

I am currently at version 8.2.4#802003.

slsdeveloper July 22, 2019

I've turned off access to Contact Administrators Form.  I'm going to give it a couple of days to see if this fixes our issue, before I go and block the bulkMail endpoint.

 

I'll keep things posted here.

Thanks again,

Jonathan

slsdeveloper July 24, 2019

So, it looks like for my case turning off the "Contact Administrators Form" feature took care of this.
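
An added example, not part of the thread and not Atlassian's code: once the `/secure/admin/SendBulkMail!default.jspa` endpoint is blocked at the reverse proxy as the accepted answer suggests, the proxy's access log can confirm that no request for it still reaches Jira. It assumes an access log in the common/combined format and a proxy that denies with 403 or 404; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named in the accepted answer, lower-cased for comparison.
BLOCKED_ENDPOINT = "/secure/admin/sendbulkmail!default.jspa"

# Assumption: common/combined access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Jul/2019:10:01:02 +0000] "GET /secure/admin/SendBulkMail!default.jspa HTTP/1.1" 403 162 "-" "-"',
    '198.51.100.23 - - [24/Jul/2019:10:03:40 +0000] "GET /jira/secure/admin/SendBulkMail%21default.jspa?x=1 HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.10 - - [24/Jul/2019:10:05:11 +0000] "GET /secure/admin/SendBulkMail!default.jspa;jsessionid=CONSTRUCTED HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [24/Jul/2019:10:06:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 20480 "-" "-"',
]

def normalize(target):
    """Reduce a request target to a comparable lower-case path."""
    path = unquote(urlsplit(target).path)  # drop the query, decode %21 to "!"
    path = path.split(";", 1)[0]           # drop ;jsessionid=... path parameters
    return path.lower()                    # over-inclusive on purpose for an audit

def audit(lines):
    """Return (ip, status, target) for endpoint requests that were not denied."""
    leaks = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # endswith() also covers Jira deployed under a context path such as /jira.
        if normalize(m["target"]).endswith(BLOCKED_ENDPOINT):
            status = int(m["status"])
            # Assumption: the proxy rule answers 403 or 404 when it denies.
            if status not in (403, 404):
                leaks.append((m["ip"], status, m["target"]))
    return leaks

if __name__ == "__main__":
    for leak in audit(SAMPLE_LOG):
        print("not blocked:", leak)
```

Any line it reports means the deny rule did not match that spelling of the path (percent-encoded `!`, a context path, or a `;jsessionid` suffix), so the rule should be written against the normalized path.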
