Описание
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.13.21 (исключая)Версия от 8.14.0 (включая) до 8.20.9 (исключая)Версия до 8.13.21 (исключая)Версия от 8.14.0 (включая) до 8.20.9 (исключая)
Одно из
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00285
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
github
около 4 лет назад
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0.
EPSS
Процентиль: 52%
0.00285
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-Other