Vulnerability Description
The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira | < 7.13.4 |
| Atlassian | Jira Server | >= 8.0.0, < 8.0.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108458Broken Link
- https://jira.atlassian.com/browse/JRASERVER-69240Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/108458Broken Link
- https://jira.atlassian.com/browse/JRASERVER-69240Issue TrackingVendor Advisory
FAQ
What is CVE-2019-8443?
CVE-2019-8443 is a vulnerability with a CVSS score of 8.1 (HIGH). The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to admini...
How severe is CVE-2019-8443?
CVE-2019-8443 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-8443?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira, Atlassian Jira Server.