The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-70599 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-03-17T00:00:00
Updated: 2020-03-17T03:10:12
Reserved: 2020-01-23T00:00:00
Link: CVE-2019-20407
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-17T03:15:11.043
Modified: 2022-03-30T13:21:19.000
Link: CVE-2019-20407
JSON object: View
Redhat Information
No data.
CWE