← Back

CVE-2019-20099

nvd nist
Published: Feb 12, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present.

Affected (4)

Atlassian
2 products
Jira Data Center
Jira Server
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Jira Data Center
From 7.6.15 to 8.5.4
Jira Data Center
From 8.5.5 to 8.6.2
Atlassian
Jira Server
From 7.6.15 to 8.5.4
Jira Server
From 8.5.5 to 8.6.2

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: security@atlassian.com
Issue TrackingVendor Advisory
Source: security@atlassian.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.