CVE-2019-14998

Summary

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.

Affected Software

VendorProductVersion RangeStatus
AtlassianJiraunspecified < 8.4.0affected

Weaknesses

  • N/A

ADP Enrichment

CVE Program Container

Additional References

References