Description

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Remediation

References

CVE-2019-8443

Related Vulnerabilities

WordPress Plugin WordPress Colorbox Lightbox Cross-Site Scripting (1.1.2)

Drupal Incorrect Authorization Vulnerability (CVE-2020-13676)

Oracle Database Server CVE-2011-0799 Vulnerability (CVE-2011-0799)

Oracle HTTP Server CVE-2021-25219 Vulnerability (CVE-2021-25219)

WordPress Plugin AdPlugg WordPress Ad Cross-Site Scripting (1.1.33)

Severity

High

Classification

CVE-2019-8443 CWE-287

Tags

Missing Update Known Vulnerabilities