exploitDog

CVE-2018-13400

Опубликовано: 23 окт. 2018

Источник: nvd

CVSS3: 4.7

CVSS2: 6.5

EPSS Низкий

Описание

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Ссылки

http://www.securityfocus.com/bid/105751
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-68138
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/105751
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-68138
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Версия до 7.6.9 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.7.0 (включая) до 7.7.5 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.8.0 (включая) до 7.8.5 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.9.0 (включая) до 7.9.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.10.0 (включая) до 7.10.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.11.0 (включая) до 7.11.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.12.0 (включая) до 7.12.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.13.0 (включая) до 7.13.1 (исключая)

EPSS

Процентиль: 57%

0.00352

Низкий

4.7 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-m8ff-2fmf-jvwm

CVSS3: 4.7

github

около 3 лет назад

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

EPSS

Процентиль: 57%

0.00352

Низкий

4.7 Medium

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-269