Описание
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Ссылки
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.4.0 (включая) до 8.4.0 (исключая)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00197
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
EPSS
Процентиль: 42%
0.00197
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352