CVE-2007-6619

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24	Patch
http://osvdb.org/42770
http://secunia.com/advisories/27954	Patch Vendor Advisory
http://www.securityfocus.com/bid/27095
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24	Patch
http://osvdb.org/42770
http://secunia.com/advisories/27954	Patch Vendor Advisory
http://www.securityfocus.com/bid/27095

Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:jira:*:*:enterprise:*:*:*:*:*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	~~() http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24 - Patch~~	() http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24 - Patch
References	~~() http://osvdb.org/42770 -~~	() http://osvdb.org/42770 -
References	~~() http://secunia.com/advisories/27954 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/27954 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/27095 -~~	() http://www.securityfocus.com/bid/27095 -

Information

Published : 2008-01-03 23:46

Updated : 2024-11-21 00:40

NVD link : CVE-2007-6619

Mitre link : CVE-2007-6619

CVE.ORG link : CVE-2007-6619

JSON object : View

Products Affected

atlassian

jira

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2007-6619", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-03T23:46:00.000", "references": [{"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/42770", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27954", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27095", "source": "cve@mitre.org"}, {"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/42770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27954", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/27095", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language."}, {"lang": "es", "value": "El Asistente de Instalaci\u00f3n de Atlassian JIRAEnterprise Edition anterior a 3.12.1 no restringe adecuadamente los intentos de instalaci\u00f3n una vez que la instalaci\u00f3n se ha completado, lo cual permite a atacantes remotos cambiar el lenguaje por defecto."}], "lastModified": "2024-11-21T00:40:36.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "204318E0-AA2F-4DCD-9CCE-73A2F2DD838D", "versionEndIncluding": "3.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}