High

CVE-2007-6619 - Permissions, Privileges, and Access Control vulnerability in Atlassian Jira 3.12

Publication: 2008-01-03
Summary

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Classification
CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Atlassian Jira 3.12