CVE-2019-8445 — Incorrect Authorization in Atlassian Jira

CWE-863 — Incorrect Authorization CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.6%

top 30.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Atlassian Jira Server

Timeline

PublishedAug 23

Latest updateMay 24

Description

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5atlassian/jiraunspecified — 7.13.7+2

▶NVDatlassian/jira_server7.13.0 — 7.13.7+1

🔴Vulnerability Details

GHSA

GHSA-7qfx-qq39-2q2j: Several worklog rest resources in Jira before version 7↗2022-05-24

▶

CVEList

CVE-2019-8445: Several worklog rest resources in Jira before version 7↗2019-08-23

▶