Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Remediation

References

CVE-2019-20106

Related Vulnerabilities

MySQL CVE-2016-0666 Vulnerability (CVE-2016-0666)

WordPress Plugin Simplified Content Cross-Site Scripting (1.0.0)

WordPress Plugin Responsive Clients Logo Gallery for WordPress-Smart Logo Showcase Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.7)

Oracle JRE CVE-2012-0551 Vulnerability (CVE-2012-0551)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-0773)

Severity

Medium

Classification

CVE-2019-20106 CWE-276

Tags

Missing Update Known Vulnerabilities