CVE-2019-20407: Missing Authorization in Atlassian Jira Software

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 49.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 17; Latest update May 24

Description

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through a missing authorisation check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

CVEListV5 | atlassian/jira_software | unspecified | 8.6.1
NVD | atlassian/jira_data_center | 8.4.1 | 8.5.3 | +2
NVD | atlassian/jira_server | 8.4.1 | 8.5.3 | +2

Vulnerability Details (2)

GHSA | GHSA-2rqq-wmcv-3phw: The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8 | 2022-05-24
CVEList | CVE-2019-20407: The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8 | 2020-03-17
CVE-2019-20407 — Missing Authorization in Atlassian | cvebase