Description

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Remediation

References

CVE-2019-20401

Related Vulnerabilities

WordPress Plugin Triagis WordPress Security Evaluation-Check Folder Permissions, Fix For Common Security Vulnerabilities Multiple Cross-Site Request Forgery Vulnerabilities (1.15)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-3386)

Lighttpd Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-19052)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0299)

WordPress Plugin Gravity Forms HubSpot Cross-Site Scripting (1.0.8)

Severity

Medium

Classification

CVE-2019-20401 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities