Description

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Remediation

References

CVE-2018-13402

Related Vulnerabilities

WordPress Plugin Email Templates HTML Injection (1.3)

MySQL CVE-2018-2755 Vulnerability (CVE-2018-2755)

DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)

PHP Other Vulnerability (CVE-2015-4601)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-8446)

Severity

Medium

Classification

CVE-2018-13402 CWE-601

Tags

Missing Update Known Vulnerabilities