[JRASERVER-73597] Admin user can download audit logs without WebSudo validation - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 9.0.0, 8.20.11, 8.13.25, 8.22.6
Affects Version/s: 8.13.0, 8.20.0, 8.21.0, 8.22.0, 8.13.24
Component/s: None
Labels:

CVSS Score:
3
CVSS Severity:
Low

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to download audit logs, via a Broken Access Control vulnerability in the /auditing/export/download endpoint.

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load; Page Failed to load; Page Loading...

(1 mentioned in)

Loading...

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 9.0.0, 8.20.11, 8.13.25, 8.22.6
Affects Version/s: 8.13.0, 8.20.0, 8.21.0, 8.22.0, 8.13.24
Component/s: None
Labels:

CVSS Score:
3
CVSS Severity:
Low

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to bypass WebSudo validation in order to download audit logs, via a Broken Access Control vulnerability in the /auditing/export/download endpoint.

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 21 Start watching this issue

Created:: 16/Mar/2022 5:14 AM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 06/Apr/2022 2:04 AM

Details

Description

Attachments

Issue Links

Forms

Activity