CVE-2019-11589

Summary

The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 7.13.6affected
AtlassianJira8.0.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.2.3affected
AtlassianJira8.3.0 < unspecifiedaffected
AtlassianJiraunspecified < 8.3.2affected

Weaknesses

  • URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

References