CVE-2006-3339

secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.osvdb.org/26745
http://jira.atlassian.com/browse/JRA-10542
http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html
http://www.vupen.com/english/advisories/2006/2472
https://exchange.xforce.ibmcloud.com/vulnerabilities/27235

Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:jira:3.6.2_156:*:*:*:*:*:*:*

Information

Published : 2006-07-03 11:05

Updated : 2017-07-19 18:32

NVD link : CVE-2006-3339

Mitre link : CVE-2006-3339

JSON object : View

CWE

NVD-CWE-Other

Products Affected

atlassian

jira

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/26745", "name": "26745", "tags": [], "refsource": "OSVDB"}, {"url": "http://jira.atlassian.com/browse/JRA-10542", "name": "http://jira.atlassian.com/browse/JRA-10542", "tags": [], "refsource": "CONFIRM"}, {"url": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html", "name": "http://pridels0.blogspot.com/2006/06/atlassian-jira-information-disclosure.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.vupen.com/english/advisories/2006/2472", "name": "ADV-2006-2472", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27235", "name": "jira-projectid-info-disclosure(27235)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows remote attackers to obtain sensitive information via unspecified manipulations of the projectId parameter, which displays the installation path and other system information in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3339", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-03T18:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:atlassian:jira:3.6.2_156:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:32Z"}

5.0 /10