CVE-2023-42361
📋 TL;DR
This Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira allows attackers to read arbitrary files on the server by uploading crafted images during PDF export. It affects Jira Server and Data Center installations using the vulnerable plugin version. Attackers could potentially access sensitive configuration files, credentials, or other server data.
💻 Affected Systems
- Midori-global Better PDF Exporter for Jira Server
- Midori-global Better PDF Exporter for Jira Data Center
📦 What is this software?
Better Pdf Exporter by Midori Global
Better Pdf Exporter by Midori Global
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise via reading sensitive files like configuration files containing database credentials, SSH keys, or other authentication secrets, potentially leading to lateral movement within the network.
Likely Case
Unauthorized access to sensitive server files including configuration files, logs, and potentially credential files, enabling further attacks or data exfiltration.
If Mitigated
Limited impact with proper file permissions and network segmentation, potentially only allowing access to non-sensitive files.
🎯 Exploit Status
Exploitation requires user access to create or edit issues with image attachments in Jira, then trigger PDF export. The vulnerability is well-documented with public proof-of-concept available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.3.1 or later
Vendor Advisory: https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira
Restart Required: Yes
Instructions:
1. Log into Jira as administrator. 2. Navigate to Manage apps/Add-ons. 3. Find Better PDF Exporter plugin. 4. Update to version 10.3.1 or later. 5. Restart Jira service.
🔧 Temporary Workarounds
Disable Better PDF Exporter plugin
allTemporarily disable the vulnerable plugin until patching can be completed
Navigate to Jira Admin → Manage apps → Find Better PDF Exporter → Click Disable
Restrict image upload permissions
allLimit which users can upload images to Jira issues to reduce attack surface
Configure Jira permissions to restrict image uploads to trusted users only
🧯 If You Can't Patch
- Disable the Better PDF Exporter plugin completely
- Implement strict file permission controls on the Jira server to limit accessible files
🔍 How to Verify
Check if Vulnerable:
Check the Better PDF Exporter plugin version in Jira Admin → Manage apps. If version is 10.3.0 or earlier, the system is vulnerable.Check Version:
In Jira web interface: Admin → Manage apps → Find Better PDF Exporter → Check version numberVerify Fix Applied:
Verify the plugin version shows 10.3.1 or later in Jira Admin → Manage apps after update.📡 Detection & Monitoring
Log Indicators:
- Unusual PDF export requests with image attachments
- Multiple failed file access attempts in server logs
- Access to sensitive file paths in application logs
Network Indicators:
- Unusual outbound traffic from Jira server following PDF exports
- Multiple PDF export requests from single user in short timeframe
SIEM Query:
source="jira.log" AND ("PDF export" OR "Better PDF") AND ("image" OR "attachment") AND status=200🔗 References
- https://gccybermonks.com/posts/pdfjira/
- https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=datacenter
- https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=server
- https://gccybermonks.com/posts/pdfjira/
- https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=datacenter
- https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=server
