gsd-2018-13400
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-13400",
"description": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator\u0027s session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability.",
"id": "GSD-2018-13400"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-13400"
],
"details": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator\u0027s session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability.",
"id": "GSD-2018-13400",
"modified": "2023-12-13T01:22:26.801455Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-13400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.6.9"
},
{
"version_affected": "\u003e=",
"version_value": "7.7.0"
},
{
"version_affected": "\u003c",
"version_value": "7.7.5"
},
{
"version_affected": "\u003e=",
"version_value": "7.8.0"
},
{
"version_affected": "\u003c",
"version_value": "7.8.5"
},
{
"version_affected": "\u003e=",
"version_value": "7.9.0"
},
{
"version_affected": "\u003c",
"version_value": "7.9.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.10.0"
},
{
"version_affected": "\u003c",
"version_value": "7.10.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.11.0"
},
{
"version_affected": "\u003c",
"version_value": "7.11.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.12.0"
},
{
"version_affected": "\u003c",
"version_value": "7.12.3"
},
{
"version_affected": "\u003e=",
"version_value": "7.13.0"
},
{
"version_affected": "\u003c",
"version_value": "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator\u0027s session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-68138",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-68138"
},
{
"name": "105751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105751"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.7.5",
"versionStartIncluding": "7.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.8.5",
"versionStartIncluding": "7.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.9.3",
"versionStartIncluding": "7.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.10.3",
"versionStartIncluding": "7.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.12.3",
"versionStartIncluding": "7.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.6.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.11.3",
"versionStartIncluding": "7.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.13.1",
"versionStartIncluding": "7.13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"ID": "CVE-2018-13400"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator\u0027s session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-68138",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-68138"
},
{
"name": "105751",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105751"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-03-25T17:22Z",
"publishedDate": "2018-10-23T13:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.