CVE-2018-13400

Name of the Vulnerable Software and Affected Versions Atlassian Jira versions prior to 7.6.9 Atlassian Jira versions 7.7.0 through 7.7.5 Atlassian Jira versions 7.8.0 through 7.8.5 Atlassian Jira versions 7.9.0 through 7.9.3 Atlassian Jira versions 7.10.0 through 7.10.3 Atlassian Jira versions 7.11.0 through 7.11.3 Atlassian Jira versions 7.12.0 through 7.12.3 Atlassian Jira versions prior to 7.13.1

Description The issue allows remote attackers who have obtained access to an administrator's session to access certain administrative resources without needing to re-authenticate, due to an improper access control vulnerability. This can be exploited by passing "WebSudo" through the vulnerable access control.

Recommendations For versions prior to 7.6.9, update to version 7.6.9 or later. For versions 7.7.0 through 7.7.5, update to version 7.7.5 or later. For versions 7.8.0 through 7.8.5, update to version 7.8.5 or later. For versions 7.9.0 through 7.9.3, update to version 7.9.3 or later. For versions 7.10.0 through 7.10.3, update to version 7.10.3 or later. For versions 7.11.0 through 7.11.3, update to version 7.11.3 or later. For versions 7.12.0 through 7.12.3, update to version 7.12.3 or later. For versions prior to 7.13.1, update to version 7.13.1 or later.