4.3
CVE-2020-36231
- EPSS 0.27%
- Published 02.02.2021 00:15:12
- Last modified 21.11.2024 05:29:06
- Source security@atlassian.com
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
Data provided by the National Vulnerability Database (NVD)
Atlassian ≫ Jira Data Center Version >= 8.6.0 < 8.13.2
Atlassian ≫ Jira Data Center Version 8.13.3
Atlassian ≫ Jira Server Version >= 8.6.0 < 8.13.2
Atlassian ≫ Jira Server Version 8.13.3
Atlassian ≫ Jira Software Data Center Version < 8.5.10
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.502 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.