Description

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Remediation

References

CVE-2019-11589

Related Vulnerabilities

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)

WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

Wordpress Plugin Backup Migration CVE-2023-6553 Vulnerability (CVE-2023-6553)

WordPress Plugin WP Symposium SQL Injection (15.5.1)

Severity

Medium

Classification

CVE-2019-11589 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities