Description

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Remediation

References

CVE-2018-13402

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-0189)

WordPress Plugin FD Feedburner Cross-Site Request Forgery (1.42)

PHP Other Vulnerability (CVE-2007-1825)

WordPress Plugin Wordpress Uninstall Cross-Site Request Forgery (1.2.1)

MediaWiki Other Vulnerability (CVE-2013-4567)

Severity

Medium

Classification

CVE-2018-13402 CWE-601

Tags

Missing Update Known Vulnerabilities