Improper authorization check in the WorkflowResource class removeStatus method - CVE-2019-15013

2019-12-1622:14:55

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

42.4%

JSON

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

CPENameOperatorVersion
jira server and data centerle7.13.9
jira server and data centerlt8.6.0
jira server and data centerle8.3.3
jira server and data centerle8.4.0
jira server and data centerle8.4.1
jira server and data centerlt7.13.12
jira server and data centerlt8.4.3
jira server and data centerlt8.5.2

Name	Operator	Version
jira server and data center	le	7.13.9
jira server and data center	lt	8.6.0
jira server and data center	le	8.3.3
jira server and data center	le	8.4.0
jira server and data center	le	8.4.1
jira server and data center	lt	7.13.12
jira server and data center	lt	8.4.3
jira server and data center	lt	8.5.2

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for ATLASSIAN:JRASERVER-70405