The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587

2019-08-09T03:48:01
ID ATLASSIAN:JRASERVER-69782
Type atlassian
Reporter security-metrics-bot
Modified 2019-08-22T23:38:16

Description

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).