Authentication Bypass in Jira Software by Atlassian
CVE-2019-20407

4.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Jira Software
Vendor: CVE Published:; 17 March 2020

Summary

Jira Software and Jira Software Data Center have an authentication bypass vulnerability in the ConfigureBambooRelease resource. This flaw allows authenticated remote attackers to access release version information in projects for which they lack authorized access due to a missing authorization check. It poses a significant risk as unauthorized users can potentially view sensitive project release data, highlighting the importance of implementing strong access controls.

Affected Version(s)

Jira Software < 8.6.1

References

https://jira.atlassian.com/browse/JRASERVER-70599

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2020
Vulnerability Reserved
Jan 23, 2020