WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-20106)

Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Remediation

References

Related Vulnerabilities

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6)

WordPress Plugin WP Spell Check Cross-Site Request Forgery (7.1.9)

MediaWiki Improper Authentication Vulnerability (CVE-2021-36128)

Contao Improper Privilege Management Vulnerability (CVE-2021-37627)

Severity

Medium

Classification

CVE-2019-20106 CWE-276

Tags

Missing Update Known Vulnerabilities