Open redirect in startup.jsp - CVE-2019-11585

2019-08-09T03:53:21
ID ATLASSIAN:JRASERVER-69784
Type atlassian
Reporter security-metrics-bot
Modified 2019-10-16T12:09:49

Description

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.