CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-8443

HIGH
8.1
CVSS Severity Score
EPSS Score0.0130%
EPSS Percentile10.36th
Published2019年5月22日
Last Modified2024年11月21日

Vulnerability Description

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Affected Platforms (CPE)

📦
Atlassian

Jira

< 7.13.4
📦
Atlassian

Jira Server

>= 8.0.0 and < 8.0.4
📦
Atlassian

Jira Server

>= 8.1.0 and < 8.1.1

References & Advisories

🔗 http://www.securityfocus.com/bid/108458
🔗 https://jira.atlassian.com/browse/JRASERVER-69240
🔗 http://www.securityfocus.com/bid/108458
🔗 https://jira.atlassian.com/browse/JRASERVER-69240

相关漏洞威胁

CVE-2019-165419.9

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing ...

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...