Description
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium SQL Injection (15.1)
WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)
WordPress Plugin WP SlackSync Information Disclosure (1.8.5)
Oracle JRE CVE-2014-0454 Vulnerability (CVE-2014-0454)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14725)