-
Bug
-
Resolution: Fixed
-
Medium (View bug fix roadmap)
-
7.13.1
-
7.13
-
Severity 2 - Major
-
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JRASERVER-69240] Authorisation bypass in the ViewUpgrades resource - CVE-2019-8443
| Fixed in Enterprise Release/s | New: [Download 7.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html] |
| Labels | Original: CVE-2019-8443 advisory advisory-released cvss-medium security | New: CVE-2019-8443 advisory advisory-released basm cvss-medium improper-authentication security |
| Remote Link | New: This issue links to "Page (Confluence)" [ 442518 ] |
| Fix Version/s | Original: 8.0.4 [ 85893 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 431419 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 431427 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 431419 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 431410 ] | New: This issue links to "Page (Confluence)" [ 431410 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 431410 ] |
| Labels | Original: CVE-2019-8443 advisory advisory-to-release cvss-medium security | New: CVE-2019-8443 advisory advisory-released cvss-medium security |