Description
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Remediation
References
Related Vulnerabilities
WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12)
Joomla Other Vulnerability (CVE-2005-3772)
WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.2)
WordPress Plugin Access Demo Importer Arbitrary File Upload (1.0.6)
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-5682)