Main Vulnerability Database Vulnerabilities #VU34730

Missing Authorization in Jira Software - CVE-2019-20407

Published: March 17, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34730

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-20407

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Atlassian

Affected software:
Jira Software

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

How to mitigate CVE-2019-20407

Install update from vendor's website.

Sources

https://jira.atlassian.com/browse/JRASERVER-70599

Missing Authorization in Jira Software - CVE-2019-20407

Detailed vulnerability description

How to mitigate CVE-2019-20407

Sources

Please verify you're human