Description

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

Remediation

References

CVE-2019-20901

Related Vulnerabilities

Squid Data Processing Errors Vulnerability (CVE-2014-7141)

WordPress Plugin Gallery by BestWebSoft 'php.php' Arbitrary File Upload (3.06)

WordPress Plugin YITH WooCommerce PDF Invoice and Shipping List Security Bypass (1.2.12)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2015-8103)

Oracle Database Server CVE-2011-2239 Vulnerability (CVE-2011-2239)

Severity

Medium

Classification

CVE-2019-20901 CWE-601

Tags

Missing Update Known Vulnerabilities