Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.5.2, 8.6.0
Affects Version/s: 7.6.15, 8.3.3, 7.13.8, 8.5.0
Component/s: Installation
Labels:
- CVE-2019-20401
- advisory
- advisory-released
- bugbounty
- csrf
- cvss-medium
- security
- xsrf

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities.

Once a Jira instance is setup (i.e. database, admin account, licence, etc. form are filled) the vulnerability can't be exploited anymore.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 17/Dec/2019 2:10 AM

Updated:: 22/May/2020 8:22 AM

Resolved:: 17/Dec/2019 2:11 AM

Details

Description

Attachments

Forms

Activity

People

Dates