Description
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Remediation
References