Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.5.2, 8.7.0, 8.6.1
Affects Version/s: 7.13.0, 8.1.0, 8.4.1, 8.5.2, 8.6.0
Component/s: Login
Labels:

Fixed in Long Term Support Release/s:

Download 8.5
Introduced in Version:
7.13
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Dec/2019 3:24 AM

Updated:: 12/Feb/2022 12:43 PM

Resolved:: 17/Dec/2019 3:27 AM