CVE-2019-11587

MEDIUM

Jira <7.13.6, 8.0.0-<8.2.3, 8.3.0-<8.3.2 - CSRF

Title source: llm

Description

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-69782

Scores

CVSS v3 6.5
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (2)
atlassian/jira < 7.13.6
atlassian/jira_server 8.0.0 - 8.2.3
Published Aug 23, 2019
Tracked Since Feb 18, 2026