Lucene search
PRIOn knowledge basePRION:CVE-2019-20099HistoryFeb 12, 2020 - 2:15 p.m.
Cross site request forgery (csrf)
2020-02-1214:15:00
PRIOn knowledge base
www.prio-n.com
5
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jira_data_center | ge | 7.6.15 | |
| jira_data_center | lt | 8.5.4 | |
| jira_data_center | ge | 8.5.5 | |
| jira_data_center | lt | 8.6.2 | |
| jira_server | ge | 7.6.15 | |
| jira_server | lt | 8.5.4 | |
| jira_server | ge | 8.5.5 | |
| jira_server | lt | 8.6.2 |
Related
cve
cve
CVE-2019-20099
2020-02-12 14:15:11
atlassian
atlassian
CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099
2020-02-05 16:03:02
CSRF in VerifyPopServerConnection!add.jspa - CVE-2019-20099
2020-02-05 16:03:02
cvelist
cvelist
CVE-2019-20099
2020-02-03 00:00:00
nvd
nvd
CVE-2019-20099
2020-02-12 14:15:11
nessus
nessus
Atlassian JIRA 7.x >= 7.6 / 8.x < 8.5.4 / 8.6.x < 8.6.2 Multiple CSRF
2020-02-21 00:00:00