The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108458 | Broken Link |
https://jira.atlassian.com/browse/JRASERVER-69240 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Apr 2022, 20:10
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/108458 - Broken Link |
25 Mar 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Atlassian jira Server
|
|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* |
Information
Published : 2019-05-22 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-8443
Mitre link : CVE-2019-8443
CVE.ORG link : CVE-2019-8443
JSON object : View
Products Affected
atlassian
- jira
- jira_server
CWE
CWE-287
Improper Authentication