CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

**Details**

*   **Type: ** Bug
    

*   **Priority: ** Medium
    
*   **Resolution:** Fixed
    
*   **Affects Version/s:** 7.8.0, 7.10.1
    

*   **Labels:**
    
    *   CVE-2018-20826
    *   advisory
    *   advisory-released
    *   bugbounty
    *   cvss-medium
    *   idor
    *   security
    

*   **Fixed in Long Term Support Release/s:**
    
*   **Introduced in Version:**
    
    7.08
    
*   **Symptom Severity:**
    
    Severity 3 - Minor
    

**Description**

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.

**Attachments**

**Activity**

**People**

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

**Dates**

Created:

29/Apr/2019 3:27 AM

Updated:

22/May/2020 8:22 AM

Resolved:

29/Apr/2019 3:29 AM

Headline

CVE-2018-20826: [JRASERVER-69239] Permissions bypass in the inline-create rest resource - CVE-2018-20826

CVE: Latest News