Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69782

The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587

      Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

          Form Name

            [JRASERVER-69782] The ViewLogging class exposed various resources that were vulnerable to CSRF - CVE-2019-11587

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 5.4 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required None
            User Interaction Required

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality None
            Integrity Low
            Availability Low

            https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 5.4 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction Required Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity Low Availability Low https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: