Description
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-4306)
Vulnerable JavaScript libraries
MySQL CVE-2021-35644 Vulnerability (CVE-2021-35644)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4299)