Description

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Remediation

References

CVE-2018-13401

Related Vulnerabilities

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5492)

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4614)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Vulnerabilities (2.0.45)

WordPress Plugin Admin renamer extended Cross-Site Scripting (3.2)

Severity

Medium

Classification

CVE-2018-13401 CWE-601

Tags

Missing Update Known Vulnerabilities