Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-70543

Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106

    XMLWordPrintable

    Details

      Description

      Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dramotowski Daniel Ramotowski
              Reporter:
              cxu Colin Xu
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: