CVE-2018-13400

Summary

Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.6.9affected
AtlassianJira7.7.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.7.5affected
AtlassianJira7.8.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.8.5affected
AtlassianJira7.9.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.9.3affected
AtlassianJira7.10.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.10.3affected
AtlassianJira7.11.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.11.3affected
AtlassianJira7.12.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.12.3affected
AtlassianJira7.13.0 < unspecifiedaffected
AtlassianJiraunspecified < 7.13.1affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References