JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user's shared filter via a modified filter ID.
Atlassian JIRA is prone to multiple security-bypass weaknesses that may allow an unauthorized attacker to bypass certain security restrictions in order to delete shared filters and change the default language settings of arbitrary users. These issues affect versions prior to JIRA 3.12.1.
The vendor released an advisory and fixes to address these issues. Please see the references for more information.
Attackers can use standard tools to exploit these weaknesses.
| Date | CVE | Description | Severity |
|---|---|---|---|
| 2008-01-03 | CVE-2007-6619 | Permissions, Privileges, and Access Control vulnerability in Atlassian Jira 3.12 | High |
| 2008-01-03 | CVE-2007-6617 | Cross-Site Scripting (XSS) vulnerability in Atlassian Jira 3.12 | Medium |