From 53fd1e039e00a01dcdbaba9d89a5a19e548360a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 17 Mar 2020 03:01:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/20xxx/CVE-2019-20105.json | 236 +++++++++++++++++---------------- 1 file changed, 120 insertions(+), 116 deletions(-) diff --git a/2019/20xxx/CVE-2019-20105.json b/2019/20xxx/CVE-2019-20105.json index 9560c40acf8..054ca5d999a 100644 --- a/2019/20xxx/CVE-2019-20105.json +++ b/2019/20xxx/CVE-2019-20105.json @@ -1,120 +1,124 @@ { - "CVE_data_meta": { - "ASSIGNER": "security@atlassian.com", - "DATE_PUBLIC": "2020-03-17T00:00:00", - "ID": "CVE-2019-20105", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-03-17T00:00:00", + "ID": "CVE-2019-20105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "product_name": "Application Links", - "version": { - "version_data": [ - { - "version_value": "5.4.20", - "version_affected": "<" - }, - { - "version_value": "6.0.0", - "version_affected": ">=" - }, - { - "version_value": "6.0.12", - "version_affected": "<" - }, - { - "version_value": "7.0.0", - "version_affected": ">=" - }, - { - "version_value": "7.0.1", - "version_affected": "<" - }, - { - "version_value": "7.1.0", - "version_affected": ">=" - }, - { - "version_value": "7.1.3", - "version_affected": "<" - } - ] - } - }, - { - "product_name": "Jira Server and Data Center", - "version": { - "version_data": [ - { - "version_value": "7.13.8", - "version_affected": ">=" - }, - { - "version_value": "7.13.12", - "version_affected": "<" - }, - { - "version_value": "8.4.2", - "version_affected": ">=" - }, - { - "version_value": "8.5.4", - "version_affected": "<" - }, - { - "version_value": "8.6.0", - "version_affected": ">=" - }, - { - "version_value": "8.6.1", - "version_affected": "<" - } - ] - } + "product": { + "product_data": [ + { + "product_name": "Application Links", + "version": { + "version_data": [ + { + "version_value": "5.4.20", + "version_affected": "<" + }, + { + "version_value": "6.0.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.12", + "version_affected": "<" + }, + { + "version_value": "7.0.0", + "version_affected": ">=" + }, + { + "version_value": "7.0.1", + "version_affected": "<" + }, + { + "version_value": "7.1.0", + "version_affected": ">=" + }, + { + "version_value": "7.1.3", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Jira Server and Data Center", + "version": { + "version_data": [ + { + "version_value": "7.13.8", + "version_affected": ">=" + }, + { + "version_value": "7.13.12", + "version_affected": "<" + }, + { + "version_value": "8.4.2", + "version_affected": ">=" + }, + { + "version_value": "8.5.4", + "version_affected": "<" + }, + { + "version_value": "8.6.0", + "version_affected": ">=" + }, + { + "version_value": "8.6.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" } - ] - }, - "vendor_name": "Atlassian" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass \"WebSudo\" in products that support \"WebSudo\" through an improper access control vulnerability." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Improper Authorization" - } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://ecosystem.atlassian.net/browse/APL-1391" - }, - { - "url": "https://jira.atlassian.com/browse/JRASERVER-70526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EditApplinkServlet resource in the Atlassian Application Links plugin before version 5.4.20, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.1, and from version 7.1.0 before version 7.1.3 allows remote attackers who have obtained access to administrator's session to access the EditApplinkServlet resource without needing to re-authenticate to pass \"WebSudo\" in products that support \"WebSudo\" through an improper access control vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://ecosystem.atlassian.net/browse/APL-1391", + "refsource": "MISC", + "name": "https://ecosystem.atlassian.net/browse/APL-1391" + }, + { + "url": "https://jira.atlassian.com/browse/JRASERVER-70526", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/JRASERVER-70526" + } + ] + } +} \ No newline at end of file