{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T05:09:23.172","vulnerabilities":[{"cve":{"id":"CVE-2018-13400","sourceIdentifier":"security@atlassian.com","published":"2018-10-23T13:29:02.947","lastModified":"2024-11-21T03:47:01.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability."},{"lang":"es","value":"Varios recursos administrativos en Atlassian Jira en versiones anteriores a la 7.6.9, desde la versión 7.7.0 anterior a la 7.7.5, desde la versión 7.8.0 anterior a la 7.8.5, desde la versión 7.9.0 anterior a la 7.9.3, desde la versión 7.10.0 anterior a la 7.10.3, desde la versión 7.11.0 anterior a la 7.11.3, desde la versión 7.12.0 anterior a la 7.12.3 y antes de la versión 7.13.1 permiten que atacantes remotos con acceso a la sesión de administrador accedan a ciertos recursos administrativos sin necesitar reautenticarse para pasar \"WebSudo\" a través de una vulnerabilidad de control de acceso incorrecto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6.9","matchCriteriaId":"25E9DDE1-F33F-4F65-A521-807D4F09C0AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.7.5","matchCriteriaId":"300D871F-7128-41F1-BCC8-BE7C3687741B"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.0","versionEndExcluding":"7.8.5","matchCriteriaId":"A04E4050-271E-4D23-B988-E02D5A651386"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.9.0","versionEndExcluding":"7.9.3","matchCriteriaId":"2A3C3F9E-5BDD-48F3-B45F-9B9C6D31CAE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.10.0","versionEndExcluding":"7.10.3","matchCriteriaId":"C568973F-5079-49ED-928D-7F11C842CF4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.11.0","versionEndExcluding":"7.11.3","matchCriteriaId":"551A5667-1184-4E3D-9AA7-90C8D18590C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.12.0","versionEndExcluding":"7.12.3","matchCriteriaId":"078CC169-BA97-4F89-A9AE-05E21FC867CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.13.0","versionEndExcluding":"7.13.1","matchCriteriaId":"C0A81285-A452-4AFE-94BE-3B27014535A3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105751","source":"security@atlassian.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-68138","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105751","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-68138","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}