Vulnerability CVE-2019-8443
Published: 2019-05-22

Description:
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Type:

CWE-284

 (Improper Access Control)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Atlassian -> JIRA 

 References:
http://www.securityfocus.com/bid/108458
https://jira.atlassian.com/browse/JRASERVER-69240
Copyright 2024, cxsecurity.com

 

Back to Top