CVE-2019-8443

Published: May 22, 2019Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Affected (3)

Products: Atlassian: Jira, Jira Server

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.13.4
Atlassian Jira Server	From 8.0.0 to 8.0.4
Atlassian Jira Server	From 8.1.0 to 8.1.1

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://www.securityfocus.com/bid/108458

Source: security@atlassian.com

Broken Link

https://jira.atlassian.com/browse/JRASERVER-69240

Source: security@atlassian.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/108458

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://jira.atlassian.com/browse/JRASERVER-69240

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.