Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

Oracle Database Server CVE-2009-3415 Vulnerability (CVE-2009-3415)

Drupal Core 8.3.0 Security Bypass (8.3.0)

Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)

GibbonEdu Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-34598)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41931)

Severity

High

Classification

CVE-2007-6619 CWE-264

Tags

Missing Update Known Vulnerabilities