exploitDog

CVE-2018-13401

Опубликовано: 23 окт. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Ссылки

http://www.securityfocus.com/bid/105751
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-68139
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/105751
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-68139
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*

Версия до 7.6.9 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.7.0 (включая) до 7.7.5 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.8.0 (включая) до 7.8.5 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.9.0 (включая) до 7.9.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.10.0 (включая) до 7.10.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.11.0 (включая) до 7.11.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.12.0 (включая) до 7.12.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.13.0 (включая) до 7.13.1 (исключая)

EPSS

Процентиль: 32%

0.00118

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-pjxp-r4hq-wh9r

CVSS3: 6.1

github

около 3 лет назад

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

EPSS

Процентиль: 32%

0.00118

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601