{"containers": {"cna": {"affected": [{"product": "Jira", "vendor": "Atlassian", "versions": [{"lessThan": "7.13.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.0.0", "versionType": "custom"}, {"lessThan": "8.4.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.5.0", "versionType": "custom"}, {"lessThan": "8.5.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-12-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T03:30:12.000Z", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-70405"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2019-12-18T00:00:00", "ID": "CVE-2019-15013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira", "version": {"version_data": [{"version_affected": "<", "version_value": "7.13.12"}, {"version_affected": ">=", "version_value": "8.0.0"}, {"version_affected": "<", "version_value": "8.4.3"}, {"version_affected": ">=", "version_value": "8.5.0"}, {"version_affected": "<", "version_value": "8.5.2"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-70405", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-70405"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:53.218Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-70405"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2019-15013", "datePublished": "2019-12-18T03:30:12.315Z", "dateReserved": "2019-08-13T00:00:00.000Z", "dateUpdated": "2024-09-16T16:57:38.126Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "F460A680-2B63-426A-8A84-4C82FBF1F9CC", "versionEndExcluding": "7.13.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B693DA20-3CDC-4089-82E3-F169BDFC3B04", "versionEndExcluding": "8.4.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "092C476C-0D3A-41A1-90E3-295730FD74EB", "versionEndExcluding": "8.5.2", "versionStartIncluding": "8.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check."}, {"lang": "es", "value": "El m\u00e9todo removeStatus de la clase WorkflowResource en Jira versiones anteriores a la versi\u00f3n 7.13.12, desde la versi\u00f3n 8.0.0 anteriores a la versi\u00f3n 8.4.3 y desde la versi\u00f3n 8.5.0 anteriores a la versi\u00f3n 8.5.2, permite a atacantes remotos autenticados que no tienen acceso de administraci\u00f3n del proyecto eliminar un estado del problema configurado desde el proyecto por medio de una falta de comprobaci\u00f3n de autorizaci\u00f3n."}], "id": "CVE-2019-15013", "lastModified": "2024-11-21T04:27:52.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-18T04:15:14.197", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-70405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-70405"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}