Loading...

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.5.2, 8.6.1, 8.7.0
Affects Version/s: 7.13.0, 8.1.0, 8.4.1, 8.5.2, 8.6.0
Component/s: Login
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
7.13
Symptom Severity:
Severity 3 - Minor

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

Assignee:: Unassigned
Reporter:: Security Metrics Bot
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: 17/Dec/2019 3:24 AM
Updated:: 12/Feb/2022 12:43 PM
Resolved:: 17/Dec/2019 3:27 AM

Details

Description

Attachments

Activity

People

Dates