mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
113 lines
3.4 KiB
JSON
113 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2019-20400",
|
|
"sourceIdentifier": "security@atlassian.com",
|
|
"published": "2020-02-06T03:15:10.280",
|
|
"lastModified": "2022-03-25T18:14:28.333",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject code into via a DLL hijacking vulnerability."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El uso de Tomcat en Jira antes de la versi\u00f3n 8.5.2, permite a atacantes locales con permiso para escribir un archivo dll en un directorio en la variable de entorno global path puede inyectar c\u00f3digo por medio de una vulnerabilidad de secuestro de DLL."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 4.4
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 3.4,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-427"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "8.3.2",
|
|
"versionEndExcluding": "8.5.2",
|
|
"matchCriteriaId": "D85353A5-9E6F-4D4A-8B4A-698645D12E75"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "8.5.3",
|
|
"versionEndExcluding": "8.6.0",
|
|
"matchCriteriaId": "C49F8053-7202-4EE9-9F30-65B80AF58B8A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://jira.atlassian.com/browse/JRASERVER-70407",
|
|
"source": "security@atlassian.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |