Description

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.

Remediation

References

CVE-2019-14998

Related Vulnerabilities

WordPress Plugin Button Widget Smartsoft Cross-Site Request Forgery (1.0.1)

Oracle JRE CVE-2013-2466 Vulnerability (CVE-2013-2466)

WordPress Plugin Heat Trackr Cross-Site Scripting (1.0)

TYPO3 Improper Neutralization of HTTP Headers for Scripting Syntax Vulnerability (CVE-2021-41114)

MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-32036)

Severity

Medium

Classification

CVE-2019-14998 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities