Description
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27095
Patch x_refsource_confirm
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/42770
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27954
Scores
EPSS
0.0059
EPSS Percentile
69.3%
Details
CWE
CWE-264
Status
published
Products (1)
atlassian/jira
< 3.12
Published
Jan 03, 2008
Tracked Since
Feb 18, 2026