CVE-2017-16862: Cross-Site Request Forgery in Atlassian Jira

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 64.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 12
Latest update: May 14

Description

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: atlassian/jira < 7.6.2
CVEListV5: atlassian/jira prior to 7.6.2

Patches

Vulnerability Details (2)

GHSA: GHSA-v734-hjcr-pm54: The IncomingMailServers resource in Atlassian Jira before version 7 | 2022-05-14
CVEList: CVE-2017-16862: The IncomingMailServers resource in Atlassian Jira before version 7 | 2018-01-12