Description

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

Remediation

References

CVE-2019-3399

Related Vulnerabilities

WordPress Plugin MemberSonic Lite Security Bypass (1.2)

WordPress Plugin Booking Calendar Cross-Site Scripting (7.1)

WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.1.9)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3156)

WordPress Plugin Easy Table Cross-Site Scripting (1.5.2)

Severity

High

Classification

CVE-2019-3399 CWE-862

Tags

Missing Update Known Vulnerabilities