CVE-2019-20415

MEDIUM

Atlassian Jira < 7.13.3 and 8.0.0-8.1.0 - Cross-Site Request Forgery

Title source: llm

Description

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory x_refsource_misc

https://jira.atlassian.com/browse/JRASERVER-70849

Scores

CVSS v3 4.3

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (4)

atlassian/jira < 7.13.3

atlassian/jira_data_center 8.0.0 - 8.1.0

atlassian/jira_server 8.0.0 - 8.1.0

atlassian/jira_software_data_center < 7.13.3

Published Jun 30, 2020

Tracked Since Feb 18, 2026