{"containers": {"cna": {"affected": [{"product": "Atlassian", "vendor": "n/a", "versions": [{"status": "affected", "version": "Atlassian Jira 7.6.4 Atlassian Jira Tempo Core system plugin 4.10.0"}]}], "descriptions": [{"lang": "en", "value": "An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin."}], "problemTypes": [{"descriptions": [{"description": "missing authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-31T19:51:08", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5095", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Atlassian", "version": {"version_data": [{"version_value": "Atlassian Jira 7.6.4 Atlassian Jira Tempo Core system plugin 4.10.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "missing authorization"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838"}]}}}}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5095", "datePublished": "2019-10-31T19:51:08", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2019-10-31T19:51:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tempo:tempo:4.10.0:*:*:*:*:jira:*:*", "matchCriteriaId": "11CF7F83-3D1A-4D0B-84CB-3BFE1BA42FBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del resumen de problema en el plugin Atlassian Jira Tempo, versi\u00f3n 4.10.0. Los usuarios autenticados pueden obtener el resumen de los problemas que no tienen permiso para visualizar mediante el plugin Tempo."}], "id": "CVE-2019-5095", "lastModified": "2019-11-04T14:48:14.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-31T20:15:11.317", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}