-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
7.12.0, 7.13.0, 7.13.1
-
7.12
-
Severity 2 - Major
-
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.
- mentioned in
-
Page Failed to load
[JRASERVER-69246] Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399
| Fixed in Enterprise Release/s | New: [Download 7.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html] |
| Labels | Original: CVE-2019-3399 advisory advisory-released cvss-high security | New: CVE-2019-3399 advisory advisory-released cvss-high information-disclosure security |
| Remote Link | New: This issue links to "Page (Confluence)" [ 442444 ] |
| Security | Original: Reporter and Atlassian Staff [ 10751 ] |
| Security | New: Reporter and Atlassian Staff [ 10751 ] |
| Labels | Original: CVE-2019-3399 advisory advisory-to-release cvss-high security | New: CVE-2019-3399 advisory advisory-released cvss-high security |
| Labels | Original: advisory advisory-to-release cvss-high security | New: CVE-2019-3399 advisory advisory-to-release cvss-high security |
| Summary | Original: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399. | New: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399 |
| Summary | Original: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-CVE-2019-3399. | New: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-3399. |
| Summary | Original: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-PENDING | New: Information disclosure in the BrowseProjects.jspa resource - CVE-2019-CVE-2019-3399. |