CVE-2019-20106

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-70543 Issue Tracking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:8.6.0:*:*:*:*:*:*:*

Information

Published : 2020-02-06 03:15

Updated : 2022-03-30 01:20


NVD link : CVE-2019-20106

Mitre link : CVE-2019-20106

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions