Description

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Remediation

References

CVE-2019-20401

Related Vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

IBM RTC CVE-2020-4964 Vulnerability (CVE-2020-4964)

WordPress 4.9.x Prototype Pollution (4.9 - 4.9.19)

WordPress Plugin Parallax Scroll Cross-Site Scripting (2.0.1)

Oracle JRE CVE-2013-2451 Vulnerability (CVE-2013-2451)

Severity

Medium

Classification

CVE-2019-20401 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities