Description

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

Remediation

References

CVE-2019-11585

Related Vulnerabilities

WordPress Plugin Contact Form by Supsystic Cross-Site Scripting (1.7.14)

Oracle JRE CVE-2013-2452 Vulnerability (CVE-2013-2452)

PHP hangs on parsing particular strings as floating point number

MediaWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1055)

WordPress Plugin Yoast SEO Cross-Site Scripting (5.7.1)

Severity

Medium

Classification

CVE-2019-11585 CWE-601

Tags

Missing Update Known Vulnerabilities