Vulnerability Details CVE-2020-15943
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
- http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html
- http://seclists.org/fulldisclosure/2020/Aug/0
- https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt
- http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html
- http://seclists.org/fulldisclosure/2020/Aug/0
- https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt
Products affected by CVE-2020-15943
-
cpe:2.3:a:gantt-chart_project:gantt-chart:-
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.2.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.2.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.3.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.4.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.10
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.5.9
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.10
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.11
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.13
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.14
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.15
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.6.9
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:1.7.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.1.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.1.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.1.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.1.8.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.2.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.2.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:2.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.0.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.1.9
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.2.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.3.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.3.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:3.3.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.6
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.7.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.7.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.7.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.0.9
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.1.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.1.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.1.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.1.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.1.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.2.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.2.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.2.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.2.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.2.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.10
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.11
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.12
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.13
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.14d
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.8
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.3.9
-
cpe:2.3:a:gantt-chart_project:gantt-chart:4.4.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.3
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.4
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.5
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.0.7
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.1.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.2.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.2.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.3.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.3.1
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.4.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.4.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.5.0
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.5.2
-
cpe:2.3:a:gantt-chart_project:gantt-chart:5.5.3