CVE-2019-20415 — Cross-Site Request Forgery in Atlassian Jira Server

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 64.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Server Atlassian Jira Atlassian Jira Data Center +1 more

Timeline

PublishedJun 30

Latest updateMay 24

Description

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDatlassian/jira_data_center8.0.0 — 8.1.0

▶NVDatlassian/jira_software_data_center< 7.13.3

▶CVEListV5atlassian/jira_serverunspecified — 7.13.3+2

▶NVDatlassian/jira_server8.0.0 — 8.1.0

▶NVDatlassian/jira< 7.13.3

🔴Vulnerability Details

GHSA

GHSA-xx63-7hgm-gmr7: Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request f↗2022-05-24

▶

CVEList

CVE-2019-20415: Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request f↗2020-06-30

▶