CVE-2019-20106
Description
Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.212
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Atlassian Jira 8.6.2 | Windows |
| Vulnerabilities CVE-2019-20106 are affected in Atlassian Jira Core Data Center 8.5.3 | Windows |
| Vulnerabilities CVE-2019-20106,CVE-2019-20417 are affected in Atlassian Jira Core Data Center 8.6.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234