Description
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
Remediation
References
Related Vulnerabilities
Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400)
WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)
MySQL CVE-2020-2901 Vulnerability (CVE-2020-2901)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9411)