Lucene search
AtlassianCVELIST:CVE-2019-20098HistoryFeb 03, 2020 - 12:00 a.m.
CVE-2019-20098
2020-02-0300:00:00
atlassian
www.cve.org
1
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.7.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
atlassian
atlassian
CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098
2020-02-05 16:02:41
CSRF in VerifySmtpServerConnection!add.jspa - CVE-2019-20098
2020-02-05 16:02:41
nvd
nvd
CVE-2019-20098
2020-02-12 14:15:11
cve
cve
CVE-2019-20098
2020-02-12 14:15:11
prion
prion
Cross site request forgery (csrf)
2020-02-12 14:15:00
nessus
nessus
Atlassian JIRA 7.x >= 7.6 / 8.x < 8.5.4 / 8.6.x < 8.6.2 Multiple CSRF
2020-02-21 00:00:00