The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-70405 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Mar 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
Information
Published : 2019-12-18 04:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-15013
Mitre link : CVE-2019-15013
CVE.ORG link : CVE-2019-15013
JSON object : View
Products Affected
atlassian
- jira
- jira_server
CWE
CWE-862
Missing Authorization