Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.11.0, 7.13.16, 8.5.7, 8.9.2, 8.10.1
Affects Version/s: 8.0.0, 7.6.15, 8.7.1
Component/s: Administration - Permission Helper
Labels:
- advisory
- advisory-released
- bugbounty
- cve-2020-14174
- cvss-low
- idor
- monsters
- security

Fixed in Long Term Support Release/s:

Download 7.13, 8.5
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper.

Affected versions:

version < 7.13.16
8.0.0 ≤ version < 8.5.7
8.6.0 ≤ version < 8.9.2
8.10.0 ≤ version < 8.10.1

Fixed versions:

7.13.16
8.5.7
8.9.2
8.10.1
8.11.0

Attachments

Issue Links

was cloned as

JRASERVER-73811 IDOR (Insecure direct object references) in Jira 8.13.10

Short Term Backlog

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 09/Jul/2020 5:35 AM

Updated:: 17/May/2022 9:43 AM

Resolved:: 09/Jul/2020 5:38 AM