Description

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Remediation

References

CVE-2019-20401

Related Vulnerabilities

Dolibarr Improper Authentication Vulnerability (CVE-2017-8879)

Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2016-7038)

SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-35808)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5977)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0114)

Severity

Medium

Classification

CVE-2019-20401 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities