This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113776Atlassian Jira 7.13.0 < 7.13.6 Multiple Vulnerabilities
EPSS
Percentile
46.7%
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.6 or 8.0.0 prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities:
-
A issue which permits remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability (CVE-2019-11588).
-
A issue which permits remote attackers to modify various settings via a Cross-site request forgery (CSRF) vulnerability (CVE-2019-11587).
-
A issue which permits remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability (CVE-2019-11586).
-
A vulnerability which permits remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect (CVE-2019-11585).
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11588
jira.atlassian.com/browse/JRASERVER-69781
jira.atlassian.com/browse/JRASERVER-69782
jira.atlassian.com/browse/JRASERVER-69783
jira.atlassian.com/browse/JRASERVER-69784
Related
