6.5
CVE-2018-13400
- EPSS 1.44%
- Veröffentlicht 23.10.2018 13:29:02
- Zuletzt bearbeitet 21.11.2024 03:47:01
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginSeveral administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Jira Server Version >= 7.7.0 < 7.7.5
Atlassian ≫ Jira Server Version >= 7.8.0 < 7.8.5
Atlassian ≫ Jira Server Version >= 7.9.0 < 7.9.3
Atlassian ≫ Jira Server Version >= 7.10.0 < 7.10.3
Atlassian ≫ Jira Server Version >= 7.11.0 < 7.11.3
Atlassian ≫ Jira Server Version >= 7.12.0 < 7.12.3
Atlassian ≫ Jira Server Version >= 7.13.0 < 7.13.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.697 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1.2 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
http://www.securityfocus.com/bid/105751
https://jira.atlassian.com/browse/JRASERVER-68138