PT-2019-17475 · Atlassian · Jira Tempo Plugin

Ben Taylor

Published

2019-10-31

Updated

2019-11-04

CVE-2019-5095

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Atlassian Jira Tempo plugin version 4.10.0

Description A summary information disclosure issue exists, allowing authenticated users to obtain summaries of issues they do not have permission to view via the Tempo plugin.

Recommendations For Atlassian Jira Tempo plugin version 4.10.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-5095

Affected Products

Jira Tempo Plugin

PT-2019-17475 · Atlassian · Jira Tempo Plugin

CVE-2019-5095

Weakness Enumeration

Related Identifiers

Affected Products

References · 3