CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8443

HIGH
8.1
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile10.36th
PublishedMay 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Affected Platforms (CPE)

πŸ“¦
Atlassian

Jira

< 7.13.4
πŸ“¦
Atlassian

Jira Server

>= 8.0.0 and < 8.0.4
πŸ“¦
Atlassian

Jira Server

>= 8.1.0 and < 8.1.1

References & Advisories

πŸ”— http://www.securityfocus.com/bid/108458
πŸ”— https://jira.atlassian.com/browse/JRASERVER-69240
πŸ”— http://www.securityfocus.com/bid/108458
πŸ”— https://jira.atlassian.com/browse/JRASERVER-69240

Related Vulnerabilities

CVE-2019-165419.9

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing ...

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...