Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability. The CSRF follows from an Information Disclosure vulnerability in which the Referer header discloses a user's CSRF token. The affected versions are those before version 8.5.10, and from version 8.6.0 before 8.13.2.
Remediation
References
Related Vulnerabilities
OpenSSL Improper Input Validation Vulnerability (CVE-2014-3567)
MyBB Improper Input Validation Vulnerability (CVE-2019-12831)
Adobe Coldfusion 8 multiple linked XSS vulnerabilities
WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.6.8)
WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.1.44)