Description
An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0838
Scores
CVSS v3
4.3
EPSS
0.0112
EPSS Percentile
62.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
tempo/tempo
4.10.0
Published
Oct 31, 2019
Tracked Since
Feb 18, 2026