#VU57963 Improper Authorization in Jira Software
Vulnerability identifier: #VU57963
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Jira Software
Client/Desktop applications /
Other client software
Vendor: Atlassian
Description
The vulnerability allows a remote user to bypass authorization process.
The vulnerability exists due to an error in when processing requests in the /secure/ViewCollectors endpoint. A remote user with revoked access from the Jira Service Management can enable and disable Issue Collectors on Jira Service Management projects.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Jira Software: 8.19.0
External links
http://jira.atlassian.com/browse/JRASERVER-72801
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
