The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/105751 | Third Party Advisory, VDB Entry |
| https://jira.atlassian.com/browse/JRASERVER-68139 | Issue Tracking, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2018-10-23T00:00:00
Updated: 2018-10-30T09:57:01
Reserved: 2018-07-06T00:00:00
Link: CVE-2018-13401
NVD Information
Status: Analyzed
Published: 2018-10-23T13:29:03.040
Modified: 2022-03-25T17:22:38.667
Link: CVE-2018-13401
CWE