← Back

CVE-2018-13402

nvd nist
Published: Oct 23, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Affected (8)

Atlassian
2 products
Jira
Jira Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Jira
Before 7.6.9
Atlassian
Jira Server
From 7.10.0 to 7.10.3
Jira Server
From 7.11.0 to 7.11.3
Jira Server
From 7.12.0 to 7.12.3
Jira Server
From 7.13.0 to 7.13.1
Jira Server
From 7.7.0 to 7.7.5
Jira Server
From 7.8.0 to 7.8.5
Jira Server
From 7.9.0 to 7.9.3

Related CWEs

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

Source: security@atlassian.com
Third Party AdvisoryVDB Entry
Source: security@atlassian.com
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory

Timeline

No history available yet.