6.1
CVE-2018-13402
- EPSS 0.09%
- Veröffentlicht 23.10.2018 13:29:03
- Zuletzt bearbeitet 21.11.2024 03:47:02
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginMany resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Jira Server Version >= 7.7.0 < 7.7.5
Atlassian ≫ Jira Server Version >= 7.8.0 < 7.8.5
Atlassian ≫ Jira Server Version >= 7.9.0 < 7.9.3
Atlassian ≫ Jira Server Version >= 7.10.0 < 7.10.3
Atlassian ≫ Jira Server Version >= 7.11.0 < 7.11.3
Atlassian ≫ Jira Server Version >= 7.12.0 < 7.12.3
Atlassian ≫ Jira Server Version >= 7.13.0 < 7.13.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.255 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.