{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T06:14:34.675","vulnerabilities":[{"cve":{"id":"CVE-2019-15013","sourceIdentifier":"security@atlassian.com","published":"2019-12-18T04:15:14.197","lastModified":"2024-11-21T04:27:52.437","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a project via a missing authorisation check."},{"lang":"es","value":"El método removeStatus de la clase WorkflowResource en Jira versiones anteriores a la versión  7.13.12, desde la versión 8.0.0 anteriores a la versión 8.4.3 y desde la versión 8.5.0 anteriores a la versión 8.5.2, permite a atacantes remotos autenticados que no tienen acceso de administración del proyecto eliminar un estado del problema configurado desde el proyecto por medio de una falta de comprobación de autorización."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"7.13.12","matchCriteriaId":"F460A680-2B63-426A-8A84-4C82FBF1F9CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.4.3","matchCriteriaId":"B693DA20-3CDC-4089-82E3-F169BDFC3B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"8.5.2","matchCriteriaId":"092C476C-0D3A-41A1-90E3-295730FD74EB"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-70405","source":"security@atlassian.com","tags":["Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-70405","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}