Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NAtlassian Jira Software Data Center
APPAtlassian< 8.19.1
Powiązane podatności
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velo...
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 ...
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private pr...
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names ...
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the ...