CVE-2018-5231 — Atlassian Jira vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.0%

top 23.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Atlassian Jira Server

Timeline

PublishedMay 16

Latest updateMay 13

Description

The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5atlassian/jiraunspecified — 7.6.6+6

▶NVDatlassian/jira< 7.6.6

▶NVDatlassian/jira_server7.7.0 — 7.7.4+2

🔴Vulnerability Details

GHSA

GHSA-j5g5-xqvm-c9w3: The ForgotLoginDetails resource in Atlassian Jira before version 7↗2022-05-13

▶

CVEList

CVE-2018-5231: The ForgotLoginDetails resource in Atlassian Jira before version 7↗2018-05-16

▶