Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2019-20415

Published

3 years ago

Last Modified

2 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 2.8/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 1.4/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Low
Scope: Unchanged
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:atlassian:jira::::::::	Yes	-	7.13.3
cpe:2.3:a:atlassian:jira_software_data_center:::::::*:	Yes	-	7.13.3
cpe:2.3:a:atlassian:jira_server::::::::	Yes	8.0.0	8.1.0
cpe:2.3:a:atlassian:jira_data_center::::::::	Yes	8.0.0	8.1.0

References

https://jira.atlassian.com/browse/JRASERVER-70849