Description

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

Remediation

References

CVE-2019-11587

Related Vulnerabilities

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-38267)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.21)

WordPress Plugin SS Quiz Multiple Unspecified Vulnerabilities (1.12)

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4391)

WordPress Plugin Audio Record Arbitrary File Upload (1.0)

Severity

Medium

Classification

CVE-2019-11587 CWE-352

Tags

Missing Update Known Vulnerabilities