cve-2007-6619
Vulnerability from cvelistv5
Published
2008-01-03 23:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27095"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24"
},
{
"name": "42770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42770"
},
{
"name": "27954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27954"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-10-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27095"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24"
},
{
"name": "42770",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42770"
},
{
"name": "27954",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27954"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27095"
},
{
"name": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24",
"refsource": "CONFIRM",
"url": "http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24"
},
{
"name": "42770",
"refsource": "OSVDB",
"url": "http://osvdb.org/42770"
},
{
"name": "27954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27954"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6619",
"datePublished": "2008-01-03T23:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atlassian:jira:*:*:enterprise:*:*:*:*:*\", \"versionEndIncluding\": \"3.12\", \"matchCriteriaId\": \"204318E0-AA2F-4DCD-9CCE-73A2F2DD838D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.\"}, {\"lang\": \"es\", \"value\": \"El Asistente de Instalaci\\u00f3n de Atlassian JIRAEnterprise Edition anterior a 3.12.1 no restringe adecuadamente los intentos de instalaci\\u00f3n una vez que la instalaci\\u00f3n se ha completado, lo cual permite a atacantes remotos cambiar el lenguaje por defecto.\"}]",
"id": "CVE-2007-6619",
"lastModified": "2024-11-21T00:40:36.970",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2008-01-03T23:46:00.000",
"references": "[{\"url\": \"http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://osvdb.org/42770\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27954\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27095\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://osvdb.org/42770\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-6619\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-03T23:46:00.000\",\"lastModified\":\"2024-11-21T00:40:36.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language.\"},{\"lang\":\"es\",\"value\":\"El Asistente de Instalaci\u00f3n de Atlassian JIRAEnterprise Edition anterior a 3.12.1 no restringe adecuadamente los intentos de instalaci\u00f3n una vez que la instalaci\u00f3n se ha completado, lo cual permite a atacantes remotos cambiar el lenguaje por defecto.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:jira:*:*:enterprise:*:*:*:*:*\",\"versionEndIncluding\":\"3.12\",\"matchCriteriaId\":\"204318E0-AA2F-4DCD-9CCE-73A2F2DD838D\"}]}]}],\"references\":[{\"url\":\"http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/42770\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27954\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27095\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://osvdb.org/42770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.