CVE-2019-20106

Summary

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Server and Data Centerunspecified < 7.13.12affected
AtlassianJira Server and Data Center8.4.1 < unspecifiedaffected
AtlassianJira Server and Data Centerunspecified < 8.5.4affected
AtlassianJira Server and Data Center8.6.0 < unspecifiedaffected
AtlassianJira Server and Data Centerunspecified < 8.6.1affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References