exploitDog

GHSA-hmpw-22jw-wcrr

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

Ссылки

EPSS

Процентиль: 52%

0.00287

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2019-15013

CVSS3: 4.3

nvd

больше 5 лет назад

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

EPSS

Процентиль: 52%

0.00287

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-862