CVE-2018-13402 Information
Feb 14, 2021
cve
Description
Many resources in Atlassian Jira before version 7.6.9 from version 7.7.0 before version 7.7.5 from version 7.8.0 before version 7.8.5 from version 7.9.0 before version 7.9.3 from version 7.10.0 before version 7.10.3 from version 7.11.0 before version 7.11.3 from version 7.12.0 before version 7.12.3 and before version 7.13.1 allow remote attackers to attack users in some cases be able to obtain a user’s Cross-site request forgery (CSRF) token via a open redirect vulnerability.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/105751 https://jira.atlassian.com/browse/JRASERVER-68140
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: