CVE-2007-6619 - Permissions, Privileges, and Access Control vulnerability in Atlassian Jira 3.12

Publication

2008-01-03

Last modification

2008-11-15

Summary

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Classification

CWE-264 - Permissions, Privileges, and Access Control

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Atlassian Jira  3.12