The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/JRASERVER-70405 | Vendor Advisory |
| https://jira.atlassian.com/browse/JRASERVER-70405 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:27
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://jira.atlassian.com/browse/JRASERVER-70405 - Vendor Advisory |
Information
Published : 2019-12-18 04:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-15013
Mitre link : CVE-2019-15013
CVE.ORG link : CVE-2019-15013
JSON object : View
Products Affected
atlassian
- jira_server
- jira
CWE
CWE-862
Missing Authorization