-
Bug
-
Resolution: Fixed
-
Low (View bug fix roadmap)
-
7.13.0, 8.0.0
-
7.13
-
Severity 3 - Minor
-
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability.
Affected versions:
- version < 7.13.3
- 8.0.0 ≤ version < 8.1.0
Fixed versions:
- 7.13.3
- 8.1.0
[JRASERVER-70849] CSRF via Logging and Profiling feature - CVE-2019-20415
| Labels | Original: CVE-2019-20415 advisory advisory-to-release bugbounty csrf cvss-medium security | New: CVE-2019-20415 advisory advisory-released bugbounty csrf cvss-medium security |
| Summary | Original: CSRF via Logging and Profiling feature | New: CSRF via Logging and Profiling feature - CVE-2019-20415 |
| Labels | Original: advisory advisory-to-release bugbounty csrf cve-in-progress cvss-medium security | New: CVE-2019-20415 advisory advisory-to-release bugbounty csrf cvss-medium security |
| Labels | Original: advisory advisory-to-release bugbounty csrf cvss-medium security | New: advisory advisory-to-release bugbounty csrf cve-in-progress cvss-medium security |
| Fixed in Enterprise Release/s | New: [Download 7.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html] |
| Introduced in Version | New: 7.13 |
| Security | Original: Atlassian Staff [ 10750 ] |
| Affects Version/s | New: 8.0.0 [ 79699 ] |
| Description | Original: Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. |
New:
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability.
*Affected versions:* * version < 7.13.3 * 8.0.0 ≤ version < 8.1.0 *Fixed versions:* * 7.13.3 * 8.1.0 |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Needs Triage [ 10030 ] | New: Closed [ 6 ] |