Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11587)

Description

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

Remediation

References

Related Vulnerabilities

WordPress Plugin Additional Variation Images for WooCommerce Cross-Site Scripting (1.1.28)

MySQL CVE-2019-2963 Vulnerability (CVE-2019-2963)

WordPress Plugin One Click SSL Cross-Site Request Forgery (1.4.6)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000863)

MODX Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1000223)

Severity

Medium

Classification

CVE-2019-11587 CWE-352

Tags

Missing Update Known Vulnerabilities