Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-0334)

Joomla Improper Input Validation Vulnerability (CVE-2021-26029)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1297)

WordPress Plugin Custom Website Data Cross-Site Scripting (1.0)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2022-26148)

Severity

High

Classification

CVE-2007-6619 CWE-264

Tags

Missing Update Known Vulnerabilities