Description
Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases to obtain a user's cross-site request forgery (CSRF) token, via an open redirect vulnerability.
Remediation
References