Vulnerabilities > CVE-2019-5095 - Missing Authorization vulnerability in Tempo 4.10.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tempo

CWE-862

NVD

Published: 2019-10-31

Updated: 2019-11-04

Summary

An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.

Vulnerable Configurations

Part	Description	Count
Application	Tempo Tempo Tempo 4.10.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Talos

id	TALOS-2019-0838
last seen	2019-11-05
published	2019-09-16
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0838
title	Atlassian Jira Tempo plugin issue summary information disclosure vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838