Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

WP Easy Gallery Cross-Site Scripting (4.1.4)

WP Statistics SQL Injection (12.6.6.1)

Oracle Database Server CVE-2019-2571 Vulnerability (CVE-2019-2571)

PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Cross-Site Request Forgery (2.3.1)

Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860)

Severity

High

Classification

CVE-2007-6619 CWE-264

Tags

Missing Update Known Vulnerabilities