CVE-2019-20106

CVE Database · CVE-2019-20106

CVE-2019-20106

· MEDIUMModified

CVSS v3.1

4.3

EPSS

1.19%

Published

Feb 6, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-276

Affected Products (6)

atlassian · jira (up to 7.13.12)vulnerable

atlassian · jira_data_center (up to 8.5.4)vulnerable

atlassian · jira_data_centervulnerable

atlassian · jira_server (up to 8.5.4)vulnerable

atlassian · jira_servervulnerable

atlassian · jira_software_data_center (up to 7.13.12)vulnerable

References (2)

https://jira.atlassian.com/browse/JRASERVER-70543

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/JRASERVER-70543

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs