CVE-2019-11588 — Cross-Site Request Forgery in Atlassian Jira
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 67.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 23
Latest updateMay 24
Description
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4