PT-2020-14726 · Atlassian · Gantt-Chart For Jira
Sebastian Auwaerter · Published 2020-08-04 · Updated 2025-07-25
CVE-2020-15943
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Gantt-Chart for Jira versions prior to 5.5.4
Description
An issue in the Gantt-Chart module allows authenticated attackers to read and write to the module configuration of other users due to a missing privilege check. This can also be used to deliver an XSS payload to other users' dashboards.
Recommendations
For versions prior to 5.5.4, update to version 5.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Gantt-Chart module to minimize the risk of exploitation.
Missing Authorization
XSS
Affected Products
Gantt-Chart For Jira