Description
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
Remediation
References
Related Vulnerabilities
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-6931)
WordPress Plugin Chat-Support Board-WordPress Chat Multiple SQL Injection Vulnerabilities (3.3.3)
WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)
WordPress Plugin Portfolio Cross-Site Request Forgery (1.0)
WordPress Plugin AdKlick Advertising Management Unspecified Vulnerability (1.1)