Lucene search

[email protected]NVD:CVE-2019-11589

HistoryAug 23, 2019 - 2:15 p.m.

CVE-2019-11589

2019-08-2314:15:11

CWE-601

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user’s Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Affected configurations

Nvd

Node

atlassianjira_serverRange7.13.0–7.13.6

atlassianjira_serverRange8.0.0–8.2.3

atlassianjira_serverRange8.3.0–8.3.2

VendorProductVersionCPE
atlassianjira_server*cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira_server	*	cpe:2.3:a:atlassian:jira_server::::::::

References

jira.atlassian.com/browse/JRASERVER-69780

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

Related for NVD:CVE-2019-11589

cve1 cvelist1 atlassian2 prion1 nessus2