Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11588)

Description

The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.

Remediation

References

Related Vulnerabilities

Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.8.12)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Multiple Security Bypass Vulnerabilities (8.0)

WordPress Plugin Wordpress Uninstall Cross-Site Request Forgery (1.2.1)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5191)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21340)

Severity

Medium

Classification

CVE-2019-11588 CWE-352

Tags

Missing Update Known Vulnerabilities