Description

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Remediation

References

CVE-2018-13401

Related Vulnerabilities

Apache Traffic Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2018-8040)

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Directory Traversal (2.4.19)

WordPress Plugin Webmention Cross-Site Scripting (4.0.8)

WordPress Plugin classyfrieds Arbitrary File Upload (3.8)

WordPress Plugin Events Shortcodes For The Events Calendar Unspecified Vulnerability (1.7.2)

Severity

Medium

Classification

CVE-2018-13401 CWE-601

Tags

Missing Update Known Vulnerabilities