Description
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
Remediation
References
Related Vulnerabilities
Jetty CVE-2017-7656 Vulnerability (CVE-2017-7656)
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2021-21019)
WordPress Plugin Welcart e-Commerce SQL Injection (2.0.0)
WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.4)
WordPress Plugin Users Ultra Membership Arbitrary File Upload (1.5.58)