Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.6.9, 7.7.5, 7.8.5, 7.9.3, 7.10.3, 7.11.3, 7.12.3, 7.13.1
Affects Version/s: 7.2.14, 7.6.6
Component/s: System Administration - Others
Labels:

Fixed in Long Term Support Release/s:

Download 7.13, 7.6
Introduced in Version:
7.02
Symptom Severity:
Severity 3 - Minor

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Assignee:: Unassigned
Reporter:: Security Metrics Bot
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: 22/Oct/2018 11:33 PM
Updated:: 22/May/2020 8:24 AM
Resolved:: 22/Oct/2018 11:42 PM

Details

Description

Attachments

Forms

Activity

People

Dates