Permissions bypass in the inline-create rest resource - CVE-2018-20826

2019-04-2903:27:54

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

39.6%

JSON

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

CPENameOperatorVersion
jira server and data centerlt7.13.0
jira server and data centerlt7.12.3
jira server and data centerlt8.0.0
jira server and data centerle7.10.1
jira server and data centerle7.8.0

Name	Operator	Version
jira server and data center	lt	7.13.0
jira server and data center	lt	7.12.3
jira server and data center	lt	8.0.0
jira server and data center	le	7.10.1
jira server and data center	le	7.8.0

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for ATLASSIAN:JRASERVER-69239