Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

Published

2019-12-18T04:15:14.197

Last Modified

2024-11-21T04:27:52.437

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	jira	< 7.13.12	Yes
Application	atlassian	jira_server	< 8.4.3	Yes
Application	atlassian	jira_server	< 8.5.2	Yes

References

https://jira.atlassian.com/browse/JRASERVER-70405 Vendor Advisory ([email protected])
https://jira.atlassian.com/browse/JRASERVER-70405 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)