Description

The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check.

Remediation

References

CVE-2019-3399

Related Vulnerabilities

Vanilla Forums Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4954)

WordPress Plugin Mapwiz SQL Injection (1.0.1)

WordPress Plugin Sexy Add Template Cross-Site Request Forgery (1.0)

MySQL CVE-2021-2002 Vulnerability (CVE-2021-2002)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4112)

Severity

High

Classification

CVE-2019-3399 CWE-862

Tags

Missing Update Known Vulnerabilities