Vulnerabilities > CVE-2019-20407 - Missing Authorization vulnerability in Atlassian Jira Data Center and Jira Server

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
atlassian
CWE-862
nessus
NVD
Published: 2020-03-17
Updated: 2022-03-30

Summary

The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check.

Vulnerable Configurations

Part Description Count
Application
Atlassian
45

Common Weakness Enumeration (CWE)

Nessus

NASL familyCGI abuses
NASL idJIRA_8_6_1_CVE-2019-20407.NASL
descriptionAccording to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is before 8.6.1. It is, therefore, affected by a missing authorization check that allows an authenticated remote attacker to view release version information in projects that they do not have access to.
last seen2020-03-31
modified2020-03-20
plugin id134760
published2020-03-20
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/134760
titleAtlassian JIRA < 8.6.1 Information Disclosure

References