Description

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Remediation

References

CVE-2018-13402

Related Vulnerabilities

WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (3.8.15)

MySQL CVE-2018-3064 Vulnerability (CVE-2018-3064)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-7919)

SharePoint Download of Code Without Integrity Check Vulnerability (CVE-2020-1576)

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

Severity

Medium

Classification

CVE-2018-13402 CWE-601

Tags

Missing Update Known Vulnerabilities