Description

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

Remediation

References

CVE-2019-20099

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.9)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.6)

MySQL CVE-2018-2805 Vulnerability (CVE-2018-2805)

MySQL CVE-2013-3811 Vulnerability (CVE-2013-3811)

WordPress Plugin Classified Listing Pro & Directory Cross-Site Scripting (2.0.19)

Severity

Medium

Classification

CVE-2019-20099 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities