The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108458 | Broken Link |
https://jira.atlassian.com/browse/JRASERVER-69240 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2019-05-08T00:00:00
Updated: 2019-05-27T06:06:03
Reserved: 2019-02-18T00:00:00
Link: CVE-2019-8443
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-05-22T18:29:02.100
Modified: 2022-04-22T20:10:59.430
Link: CVE-2019-8443
JSON object: View
Redhat Information
No data.
CWE