Lucene search
AtlassianCVELIST:CVE-2019-14998HistorySep 10, 2019 - 12:00 a.m.
CVE-2019-14998
2019-09-1000:00:00
atlassian
www.cve.org
0.001 Low
EPSS
Percentile
47.4%
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via “cookie tossing” a CSRF cookie from a subdomain of a Jira instance.
CNA Affected
[
{
"product": "Jira",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2019-09-11 14:15:00
atlassian
atlassian
"Cookie Tossing" CSRF weakness against subdomains - CVE-2019-14998
2019-08-12 02:42:15
"Cookie Tossing" CSRF weakness against subdomains - CVE-2019-14998
2019-08-12 02:42:15
talos
talos
Atlassian Jira CSRF Protections Bypass Vulnerability
2019-09-16 00:00:00
nvd
nvd
CVE-2019-14998
2019-09-11 14:15:11
cve
cve
CVE-2019-14998
2019-09-11 14:15:11
nessus
nessus
Atlassian JIRA < 8.4.0 Multiple Vulnerabilities
2019-09-20 00:00:00
Atlassian Jira < 8.4.0 Multiple Vulnerabilities
2019-10-09 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Multiple vulnerabilities in Atlassian Jira
2019-09-20 07:26:50