CVE-2019-15002

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 63.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server

Timeline

PublishedFeb 11

Description

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/jira_serverunspecified — 8.1.0

▶CVEListV5atlassian/jira_data_centerunspecified — 8.1.0

▶NVDatlassian/jira_server7.6.4 — 8.1.0

▶NVDatlassian/jira_data_center7.6.4 — 8.1.0

🔴Vulnerability Details

CVEList

CVE-2019-15002: An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7↗2025-02-11

▶

GHSA

GHSA-q799-96gw-fjvp: An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7↗2025-02-11

▶