CVE-2019-8443

The ViewUpgrades resource in Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers who have obtained access to administrator's session to access the ViewUpgrades administrative resource without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.

Published: May 22, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-8443
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.13.4
atlassian / jira_server	8.1.0	8.1.1
atlassian / jira_server	8.0.0	8.0.4

http://www.securityfocus.com/bid/108458
https://jira.atlassian.com/browse/JRASERVER-69240

Vulnerability Database

289,784

CVE-2019-8443