Description

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Remediation

References

CVE-2019-11589

Related Vulnerabilities

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots SQL Injection (6.59)

WordPress Plugin Simple add pages or posts Cross-Site Request Forgery (1.6)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2938)

Atlassian Jira Other Vulnerability (CVE-2019-14997)

WordPress Plugin Realia Cross-Site Scripting (0.9.1)

Severity

Medium

Classification

CVE-2019-11589 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities