The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587

2019-08-0903:48:01

security-metrics-bot

jira.atlassian.com

0.001 Low

EPSS

Percentile

32.6%

JSON

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

CPENameOperatorVersion
jira server and data centerle7.13.0
jira server and data centerlt8.3.2
jira server and data centerlt8.2.3
jira server and data centerle8.1.1
jira server and data centerlt8.4.0
jira server and data centerlt7.13.6

Name	Operator	Version
jira server and data center	le	7.13.0
jira server and data center	lt	8.3.2
jira server and data center	lt	8.2.3
jira server and data center	le	8.1.1
jira server and data center	lt	8.4.0
jira server and data center	lt	7.13.6

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for ATLASSIAN:JRASERVER-69782