CVE-2019-20402: Atlassian Jira Server vulnerability

3 documents, 3 sources
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.3% (top 50.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 6
Latest update: May 24

Description

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | atlassian/jira_server | unspecified | 8.6.0
NVD | atlassian/jira | < 8.6.0

Vulnerability Details (2)

GHSA
GHSA-wwjm-wrhr-958r: Support zip files in Atlassian Jira Server and Data Center before version 8 (2022-05-24)
CVEList
CVE-2019-20402: Support zip files in Atlassian Jira Server and Data Center before version 8 (2020-02-06)