Lucene search
AtlassianCVELIST:CVE-2019-20106HistoryFeb 05, 2020 - 12:00 a.m.
CVE-2019-20106
2020-02-0500:00:00
atlassian
www.cve.org
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.
CNA Affected
[
{
"product": "Jira Server and Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.13.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.4.1",
"versionType": "custom"
},
{
"lessThan": "8.5.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.6.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Improper access control
2020-02-06 03:15:00
cve
cve
CVE-2019-20106
2020-02-06 03:15:10
nvd
nvd
CVE-2019-20106
2020-02-06 03:15:10
atlassian
atlassian
Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106
2020-01-28 03:52:06
Jira Server Comment Permissions Broken Access Control Bug - CVE-2019-20106
2020-01-28 03:52:06
nessus
nessus