cvelist | GitHub_M | CVELIST:CVE-2023-30607
Jul 05, 2023 - 5:42 p.m.

CVE-2023-30607 icingaweb2-module-jira template and field configuration are susceptible to CSRF

2023-07-05 17:42:54
CWE-352
GitHub_M
www.cve.org
cve-2023-30607
icingaweb2-module-jira
csrf
vulnerability
fixed
atlassian jira
version 1.3.0
version 1.3.2

CVSS3: 5 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 8.7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 35.1%)

icingaweb2-module-jira provides integration with Atlassian Jira. Starting in version 1.3.0 and prior to version 1.3.2, template and field configuration forms perform the deletion action before user input is validated, including the cross site request forgery token. This issue is fixed in version 1.3.2. There are no known workarounds.

CNA Affected

[
  {
    "vendor": "Icinga",
    "product": "icingaweb2-module-jira",
    "versions": [
      {
        "version": ">= 1.3.0, < 1.3.2",
        "status": "affected"
      }
    ]
  }
]
