Description

Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticket to which they do not have commenting permissions via a broken access control bug.

Remediation

References

CVE-2019-20106

Related Vulnerabilities

WordPress Plugin SSL Insecure Content Fixer Information Disclosure (2.0.0)

WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.0.93)

MySQL CVE-2016-0665 Vulnerability (CVE-2016-0665)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1429)

WordPress Plugin AllWebMenus WordPress Menu 'actions.php' Arbitrary File Upload (1.1.8)

Severity

Medium

Classification

CVE-2019-20106 CWE-276

Tags

Missing Update Known Vulnerabilities