CVE-2019-20106

Published: Feb 6, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Affected (6)

Products: Atlassian: Jira, Jira Data Center, Jira Server, Jira Software Data Center

4 products

Jira Software Data Center

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.13.12
Atlassian Jira Data Center	From 8.0.0 to 8.5.4
Atlassian Jira Data Center	Version 8.6.0
Atlassian Jira Server	From 8.0.0 to 8.5.4
Atlassian Jira Server	Version 8.6.0
Atlassian Jira Software Data Center	Before 7.13.12

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://jira.atlassian.com/browse/JRASERVER-70543

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-70543

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.