Description

The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.

Remediation

References

CVE-2007-6619

Related Vulnerabilities

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Cross-Site Scripting (1.7.9)

Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2213)

Joomla Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-10238)

WordPress Plugin Contact Form Entries-Contact Form 7, WPforms and more Cross-Site Scripting (1.2.0)

WordPress Plugin WCFM Membership-WooCommerce Memberships for Multivendor Marketplace Cross-Site Request Forgery (2.9.10)

Severity

High

Classification

CVE-2007-6619 CWE-264

Tags

Missing Update Known Vulnerabilities