6.1

CVE-2019-11589

EPSS 0.27%
Veröffentlicht 23.08.2019 14:15:11
Zuletzt bearbeitet 21.11.2024 04:21:23
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Jira Server Version >= 7.13.0 < 7.13.6

Atlassian ≫ Jira Server Version >= 8.0.0 < 8.2.3

Atlassian ≫ Jira Server Version >= 8.3.0 < 8.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.504

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://jira.atlassian.com/browse/JRASERVER-69780

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-11589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11589

EUVD