Cross site request forgery (csrf)

2018-10-2313:29:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.0%

JSON

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user’s Cross-site request forgery (CSRF) token through an open redirect vulnerability.

CPENameOperatorVersion
jiralt7.6.9
jira_serverge7.11.0
jira_serverlt7.11.3
jira_serverge7.12.0
jira_serverlt7.12.3
jira_serverge7.13.0
jira_serverlt7.13.1
jira_serverge7.10.0
jira_serverlt7.10.3
jira_serverge7.7.0

Name	Operator	Version
jira	lt	7.6.9
jira_server	ge	7.11.0
jira_server	lt	7.11.3
jira_server	ge	7.12.0
jira_server	lt	7.12.3
jira_server	ge	7.13.0
jira_server	lt	7.13.1
jira_server	ge	7.10.0
jira_server	lt	7.10.3
jira_server	ge	7.7.0