CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check.

Published: Dec 18, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-15013
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.13.12
atlassian / jira_server	8.5.0	8.5.2
atlassian / jira_server	8.0.0	8.4.3

https://jira.atlassian.com/browse/JRASERVER-70405

Vulnerability Database

289,784

CVE-2019-15013