Security Vulnerabilities - CVEs Published In August 2019
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-08-23
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-23
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-23
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-08-23
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-23
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database.
CVSS Score
4.9
EPSS Score
0.004
Published
2019-08-23
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-23
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an authenticated Kibana user could impersonate as kibanaserver user when providing wrong credentials when all of the following conditions a-c are true: a) Kibana is configured to use Single-Sign-On as authentication method, one of Kerberos, JWT, Proxy, Client certificate. b) The kibanaserver user is configured to use HTTP Basic as the authentication method. c) Search Guard is configured to use an SSO authentication domain and HTTP Basic at the same time
CVSS Score
8.8
EPSS Score
0.003
Published
2019-08-23
The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-08-23
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-23