CVE-2007-6618 - Atlassian JIRA Multiple Security Bypass Weaknesses

Publication

2008-01-03

Last modification

2008-11-15

Summary

JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.

Description

Atlassian JIRA is prone to multiple security-bypass weaknesses that may allow an unauthorized attacker to bypass certain security restrictions in order to delete shared filters and change the default language settings of arbitrary users. These issues affect versions prior to JIRA 3.12.1.

Solution

The vendor released an advisory and fixes to address these issues. Please see the references for more information.

Exploit

Attackers can use standard tools to exploit these weaknesses.

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:P/A:N)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • Partial

Affected Products

Vendor Product Versions
Atlassian Jira  3.12