CVE-2019-20100Cross-Site Request Forgery in Atlassian Application Links

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.3%
top 46.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Atlassian Application LinksAtlassian Jira ServerAtlassian Jira+1 more
Timeline
PublishedFeb 12
Latest updateMay 24

Description

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making ma

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5atlassian/jira_serverunspecified8.7.0
NVDatlassian/jira_server8.5.58.6.2
NVDatlassian/jira_data_center7.0.08.5.4+1
NVDatlassian/jira7.0.08.4.5
CVEListV5atlassian/application_linksunspecified5.4.21+8

🔴Vulnerability Details

2
GHSA
GHSA-mjf6-gmwv-grxx: The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF)2022-05-24
CVEList
CVE-2019-20100: The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF)2020-02-12
CVE-2019-20100 — Cross-Site Request Forgery | cvebase