diff --git a/2019/11xxx/CVE-2019-11584.json b/2019/11xxx/CVE-2019-11584.json index 89d4efd408b..396319880b4 100644 --- a/2019/11xxx/CVE-2019-11584.json +++ b/2019/11xxx/CVE-2019-11584.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11584", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69785", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69785" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11585.json b/2019/11xxx/CVE-2019-11585.json index f896f8e6d3d..7fc068ac373 100644 --- a/2019/11xxx/CVE-2019-11585.json +++ b/2019/11xxx/CVE-2019-11585.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11585", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.2.3", - "version_affected": "<" - }, - { - "version_value": "8.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "URL Redirection to Untrusted Site ('Open Redirect')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.2.3", + "version_affected": "<" + }, + { + "version_value": "8.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69784", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69784" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11586.json b/2019/11xxx/CVE-2019-11586.json index 385cb359eef..33fcadd85aa 100644 --- a/2019/11xxx/CVE-2019-11586.json +++ b/2019/11xxx/CVE-2019-11586.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11586", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.2.3", - "version_affected": "<" - }, - { - "version_value": "8.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.2.3", + "version_affected": "<" + }, + { + "version_value": "8.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69783", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69783" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11587.json b/2019/11xxx/CVE-2019-11587.json index 6329a3893a1..ae996114e93 100644 --- a/2019/11xxx/CVE-2019-11587.json +++ b/2019/11xxx/CVE-2019-11587.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11587", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.2.3", - "version_affected": "<" - }, - { - "version_value": "8.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.2.3", + "version_affected": "<" + }, + { + "version_value": "8.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69782", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69782" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11588.json b/2019/11xxx/CVE-2019-11588.json index 164855f25a4..14cbd065909 100644 --- a/2019/11xxx/CVE-2019-11588.json +++ b/2019/11xxx/CVE-2019-11588.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11588", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.2.3", - "version_affected": "<" - }, - { - "version_value": "8.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.2.3", + "version_affected": "<" + }, + { + "version_value": "8.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69781", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69781" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11589.json b/2019/11xxx/CVE-2019-11589.json index de1ce49cdcf..2f97112dbd6 100644 --- a/2019/11xxx/CVE-2019-11589.json +++ b/2019/11xxx/CVE-2019-11589.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-11589", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.2.3", - "version_affected": "<" - }, - { - "version_value": "8.3.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "URL Redirection to Untrusted Site ('Open Redirect')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-11589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.2.3", + "version_affected": "<" + }, + { + "version_value": "8.3.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69780", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69780" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14999.json b/2019/14xxx/CVE-2019-14999.json index 1068a9622b3..680a600324b 100644 --- a/2019/14xxx/CVE-2019-14999.json +++ b/2019/14xxx/CVE-2019-14999.json @@ -1,78 +1,80 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-22T00:00:00", - "ID": "CVE-2019-14999", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Universal Plugin Manager", - "version": { - "version_data": [ - { - "version_value": "2.22.19", - "version_affected": "<" - }, - { - "version_value": "3.0.0", - "version_affected": ">=" - }, - { - "version_value": "3.0.3", - "version_affected": "<" - }, - { - "version_value": "4.0.0", - "version_affected": ">=" - }, - { - "version_value": "4.0.3", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-22T00:00:00", + "ID": "CVE-2019-14999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Plugin Manager", + "version": { + "version_data": [ + { + "version_value": "2.22.19", + "version_affected": "<" + }, + { + "version_value": "3.0.0", + "version_affected": ">=" + }, + { + "version_value": "3.0.3", + "version_affected": "<" + }, + { + "version_value": "4.0.0", + "version_affected": ">=" + }, + { + "version_value": "4.0.3", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://ecosystem.atlassian.net/browse/UPM-6044" - } - ] - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ecosystem.atlassian.net/browse/UPM-6044", + "refsource": "MISC", + "name": "https://ecosystem.atlassian.net/browse/UPM-6044" + } + ] + } } \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15326.json b/2019/15xxx/CVE-2019-15326.json index cdeb3b75ada..6c9623bd3a8 100644 --- a/2019/15xxx/CVE-2019-15326.json +++ b/2019/15xxx/CVE-2019-15326.json @@ -56,6 +56,11 @@ "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", "refsource": "MISC", "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9392", + "url": "https://wpvulndb.com/vulnerabilities/9392" } ] } diff --git a/2019/8xxx/CVE-2019-8444.json b/2019/8xxx/CVE-2019-8444.json index 6cce3aa9d35..618e5c6d76b 100644 --- a/2019/8xxx/CVE-2019-8444.json +++ b/2019/8xxx/CVE-2019-8444.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-8444", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.6", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-8444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.6", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69779", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69779" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8445.json b/2019/8xxx/CVE-2019-8445.json index e3387f9865c..23985426f94 100644 --- a/2019/8xxx/CVE-2019-8445.json +++ b/2019/8xxx/CVE-2019-8445.json @@ -1,70 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-8445", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "7.13.7", - "version_affected": "<" - }, - { - "version_value": "8.0.0", - "version_affected": ">=" - }, - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Incorrect Authorization (CWE-863)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-8445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "7.13.7", + "version_affected": "<" + }, + { + "version_value": "8.0.0", + "version_affected": ">=" + }, + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69778", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69778" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8446.json b/2019/8xxx/CVE-2019-8446.json index 0d1b01df3cd..84e3630c9b7 100644 --- a/2019/8xxx/CVE-2019-8446.json +++ b/2019/8xxx/CVE-2019-8446.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-8446", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Incorrect Authorization (CWE-863)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-8446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Authorization (CWE-863)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69777", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69777" + } + ] + } +} \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8447.json b/2019/8xxx/CVE-2019-8447.json index 336f7ffee51..8a7dc7d360d 100644 --- a/2019/8xxx/CVE-2019-8447.json +++ b/2019/8xxx/CVE-2019-8447.json @@ -1,62 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2019-08-13T00:00:00", - "ID": "CVE-2019-8447", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jira", - "version": { - "version_data": [ - { - "version_value": "8.3.2", - "version_affected": "<" - } - ] - } - } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-08-13T00:00:00", + "ID": "CVE-2019-8447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_value": "8.3.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://jira.atlassian.com/browse/JRASERVER-69776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/JRASERVER-69776", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-69776" + } + ] + } +} \ No newline at end of file