Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
Remediation
References