Improper Authorization Vulnerability Allows Unauthorized Download of Support Zip Files in Atlassian Jira Server and Data Center

Improper Authorization Vulnerability Allows Unauthorized Download of Support Zip Files in Atlassian Jira Server and Data Center

CVE-2019-20402 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.