The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-70599 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Mar 2022, 13:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Data Center
|
25 Mar 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
CPE |
25 Mar 2022, 17:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
Information
Published : 2020-03-17 03:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-20407
Mitre link : CVE-2019-20407
CVE.ORG link : CVE-2019-20407
JSON object : View
Products Affected
atlassian
- jira_server
- jira_data_center
CWE
CWE-862
Missing Authorization