Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2022-3754)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-30044)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12386)

WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-3663)

Severity

High

Classification

CVE-2007-6619 CWE-264

Tags

Missing Update Known Vulnerabilities