← Volver a CVEs

CVE-2020-15943

HIGH

8.1

Descripcion

An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.

Detalles CVE

Puntuacion CVSS v3.18.1

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado8/4/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

gantt-chart_project:gantt-chart

Debilidades (CWE)

CWE-79CWE-862

Referencias

http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html(cve@mitre.org)

http://seclists.org/fulldisclosure/2020/Aug/0(cve@mitre.org)

https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview(cve@mitre.org)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt(cve@mitre.org)

http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2020/Aug/0(af854a3a-2127-422b-91ae-364da2661108)

https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.