Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.8.5, 7.7.5, 7.9.3, 7.10.3, 7.11.3, 7.6.9, 7.13.1, 7.12.3
Affects Version/s: 7.2.14, 7.6.6
Component/s: System Administration - Others
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 7.6
Introduced in Version:
7.02
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Oct/2018 11:33 PM

Updated:: 22/May/2020 8:24 AM

Resolved:: 22/Oct/2018 11:42 PM