cbcvebase.
CVE-2019-15002
published 2025-02-11

CVE-2019-15002: An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

Affected

4 ranges
VendorProductVersion rangeFixed in
atlassianjira_data_center7.6.4 – 8.1.0
atlassianjira_data_center>= unspecified < 8.1.08.1.0
atlassianjira_server7.6.4 – 8.1.0
atlassianjira_server>= unspecified < 8.1.08.1.0