CVE-2018-13401

Published: Oct 23, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Affected (8)

Products: Atlassian: Jira, Jira Server

Atlassian

2 products

Jira

Jira Server

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Atlassian Jira	Before 7.6.9
Atlassian Jira Server	From 7.10.0 to 7.10.3
Atlassian Jira Server	From 7.11.0 to 7.11.3
Atlassian Jira Server	From 7.12.0 to 7.12.3
Atlassian Jira Server	From 7.13.0 to 7.13.1
Atlassian Jira Server	From 7.7.0 to 7.7.5
Atlassian Jira Server	From 7.8.0 to 7.8.5
Atlassian Jira Server	From 7.9.0 to 7.9.3