Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-70881

CSRF on Wallboard endpoint - CVE-2019-20411

XMLWordPrintable

      Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability.

      Affected versions:

      • version < 7.13.9
      • 8.0.0 ≤ version < 8.4.2

      Fixed versions:

      • 7.13.9
      • 8.4.2
      • 8.5.0

            [JRASERVER-70881] CSRF on Wallboard endpoint - CVE-2019-20411

            David Black made changes -
            Labels Original: CVE-2019-20411 advisory advisory-to-release bugbash2 bugbounty csrf cvss-medium security xsrf New: CVE-2019-20411 advisory advisory-released bugbash2 bugbounty csrf cvss-medium security xsrf
            AB made changes -
            Labels Original: advisory advisory-to-release bugbash2 bugbounty csrf cve-in-progress cvss-medium security xsrf New: CVE-2019-20411 advisory advisory-to-release bugbash2 bugbounty csrf cvss-medium security xsrf
            AB made changes -
            Summary Original: CSRF on Wallboard endpoint New: CSRF on Wallboard endpoint - CVE-2019-20411
            AB made changes -
            Labels Original: advisory advisory-to-release bugbash2 bugbounty csrf cvss-medium security xsrf New: advisory advisory-to-release bugbash2 bugbounty csrf cve-in-progress cvss-medium security xsrf
            set-jac-bot made changes -
            Fixed in Enterprise Release/s New: [Download 7.13, 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]
            Bugfix Automation Bot made changes -
            Introduced in Version New: 7.13
            Security Metrics Bot made changes -
            Due Date New: 07/Jul/2020
            AB made changes -
            Security Original: Atlassian Staff [ 10750 ]
            AB made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Needs Triage [ 10030 ] New: Closed [ 6 ]
            AB made changes -
            Description Original: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability.

            *Affected versions:*
             * version < 7.13.9
             * 8.0.0 ≤ version < 8.4.2

            *Fixed versions:*
             * **7.13.9
             * 8.4.2
             * 8.5.0             		New: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability.

            *Affected versions:*
             * version < 7.13.9
             * 8.0.0 ≤ version < 8.4.2

            *Fixed versions:*
             * 7.13.9
             * 8.4.2
             * 8.5.0

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: