4 matches found
CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...
Open redirect
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...
Open redirect vulnerability in login.jsp - CVE-2019-20901
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the osdestination parameter...
Open redirect in JIRA in HTTPS mode only
If JIRA is configured for HTTPS connections in both "redirect HTTP to HTTPS" and "HTTPS only" modes, then the following redirects are possible. This does not occur in HTTP configs. The osdestination parameter on the login.jsp page and other pages once logged in - see technical details below allow...