CVE-2019-8443

Summary

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.13.4affected
AtlassianJira8.0.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.0.4affected
AtlassianJira8.1.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.1.1affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References