Published: 04/08/2020 Updated: 21/07/2021

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

An issue exists in the Gantt-Chart module prior to 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gantt-chart project gantt-chart

Gantt-Chart for Jira versions 553 and below misses a privilege check which allows an attacker to read and write the module configuration for other users ...

CWE-79 CWE-862 http://seclists.org/fulldisclosure/2020/Aug/0 http://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html https://marketplace.atlassian.com/apps/28997/gantt-chart-for-jira?hosting=cloud&tab=overview https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-029.txt https://nvd.nist.gov https://packetstormsecurity.com/files/158751/Gantt-Chart-For-Jira-5.5.3-Missing-Privilege-Check.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15943

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect