CVE-2019-11585

Summary

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.13.6affected
AtlassianJira8.0.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.2.3affected
AtlassianJira8.3.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.3.2affected

Weaknesses

  • URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References