Description

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

Remediation

References

CVE-2019-15013

Related Vulnerabilities

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.12)

Jboss EAP Cryptographic Issues Vulnerability (CVE-2012-5575)

Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-23181)

Severity

Medium

Classification

CVE-2019-15013 CWE-862

Tags

Missing Update Known Vulnerabilities