Description

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

Remediation

References

CVE-2019-20901

Related Vulnerabilities

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Scripting (6.4)

D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13827)

Severity

Medium

Classification

CVE-2019-20901 CWE-601

Tags

Missing Update Known Vulnerabilities