Main Vulnerability Database Vulnerabilities #VU30378

#VU30378 Incorrect default permissions in Jira Software - CVE-2019-20106

Published: February 6, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30378

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-20106

CWE-ID: CWE-276

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Jira Software

Software vendor:
Atlassian

Description

The vulnerability allows a remote authenticated user to manipulate data.

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Remediation

Install update from vendor's website.

External links

https://jira.atlassian.com/browse/JRASERVER-70543

#VU30378 Incorrect default permissions in Jira Software - CVE-2019-20106

Description

Remediation

External links

Please verify you're human