Description
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.
Remediation
References
Related Vulnerabilities
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16993)
WordPress Plugin Redirection Multiple Cross-Site Scripting Vulnerabilities (2.2.11)
PostgreSQL Other Vulnerability (CVE-2012-1618)
WordPress Plugin Sticky Popup Cross-Site Scripting (1.2)
Artifactory Missing Authorization Vulnerability (CVE-2019-10322)