CVE-2018-13400

Published Oct 23, 2018

Last updated 4 days ago

CVSS medium 4.7

Overview

Description: Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass "WebSudo" through an improper access control vulnerability.
Source: security@atlassian.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 4.7
Impact score: 3.4
Exploitability score: 1.2
Vector string: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25E9DDE1-F33F-4F65-A521-807D4F09C0AE",
            "versionEndExcluding": "7.6.9"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "300D871F-7128-41F1-BCC8-BE7C3687741B",
            "versionEndExcluding": "7.7.5",
            "versionStartIncluding": "7.7.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A04E4050-271E-4D23-B988-E02D5A651386",
            "versionEndExcluding": "7.8.5",
            "versionStartIncluding": "7.8.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3C3F9E-5BDD-48F3-B45F-9B9C6D31CAE2",
            "versionEndExcluding": "7.9.3",
            "versionStartIncluding": "7.9.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C568973F-5079-49ED-928D-7F11C842CF4B",
            "versionEndExcluding": "7.10.3",
            "versionStartIncluding": "7.10.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "551A5667-1184-4E3D-9AA7-90C8D18590C3",
            "versionEndExcluding": "7.11.3",
            "versionStartIncluding": "7.11.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "078CC169-BA97-4F89-A9AE-05E21FC867CA",
            "versionEndExcluding": "7.12.3",
            "versionStartIncluding": "7.12.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0A81285-A452-4AFE-94BE-3B27014535A3",
            "versionEndExcluding": "7.13.1",
            "versionStartIncluding": "7.13.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References