Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6619)

Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

WordPress Plugin Divi Builder Cross-Site Scripting (2.17.2)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2010-1866)

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

PHP Numeric Errors Vulnerability (CVE-2008-2107)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)

Severity

High

Classification

CVE-2007-6619 CWE-264