CVE-2019-11586 — Cross-Site Request Forgery in Atlassian Jira
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 75.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 23
Latest updateMay 24
Description
The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4