CVE-2019-14998

2019-09-11T14:15:00
ID CVE-2019-14998
Type cve
Reporter cve@mitre.org
Modified 2019-09-16T19:15:00

Description

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.