JIRA up to 7.12.2 inline-create Rest Resource privilege escalation

A vulnerability classified as critical has been found in JIRA up to 7.12.2. Affected is an unknown code of the component inline-create Rest Resource. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was disclosed 08/09/2019. This vulnerability is traded as CVE-2018-20826 since 04/30/2019. It is possible to launch the attack remotely. A single authentication is required for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 7.12.3 eliminates this vulnerability.

The entry 139753 is pretty similar.

Name

• JIRA

• 🔒
• 🔒
• 🔒

• 🔒
• 🔒
• 🔒

VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Privilege escalation (CWE-269)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: JIRA 7.12.3

04/30/2019 CVE assigned
08/09/2019 +101 days Advisory disclosed
08/10/2019 +1 days VulDB entry created
08/10/2019 +0 days VulDB last update
CVE: CVE-2018-20826 (🔒)
See also: 🔒Created: 08/10/2019 06:36 AM
Complete: 🔍

Comments

Comments are closed.