CVE-2019-20405Cross-Site Request Forgery in Atlassian Jira Server

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Jira ServerAtlassian Jira Data Center
Timeline
PublishedFeb 6
Latest updateMay 24

Description

The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDatlassian/jira_data_center7.13.08.6.0
CVEListV5atlassian/jira_serverunspecified8.6.0
NVDatlassian/jira_server7.13.08.6.0

🔴Vulnerability Details

2
GHSA
GHSA-fqgg-47vq-qpg3: The JMX monitoring flag in Atlassian Jira Server and Data Center before version 82022-05-24
CVEList
CVE-2019-20405: The JMX monitoring flag in Atlassian Jira Server and Data Center before version 82020-02-06
CVE-2019-20405 — Cross-Site Request Forgery | cvebase