Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-20106)

Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Remediation

References

Related Vulnerabilities

WordPress Plugin FileBird-WordPress Media Library Folders & File Manager Cross-Site Scripting (2.4)

Joomla Improper Privilege Management Vulnerability (CVE-2018-11323)

WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.9.10)

WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)

TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)

Severity

Medium

Classification

CVE-2019-20106 CWE-276

Tags

Missing Update Known Vulnerabilities