Description

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Remediation

References

CVE-2018-13401

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4382)

WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36568)

WordPress Plugin YARPP-Yet Another Related Posts SQL Injection (5.30.2)

Django Resource Management Errors Vulnerability (CVE-2015-5963)

Severity

Medium

Classification

CVE-2018-13401 CWE-601

Tags

Missing Update Known Vulnerabilities