CVE-2019-15002

Summary

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 7.6.4unaffected
AtlassianJira Serverunspecified < 8.1.0affected
AtlassianJira Data Centerunspecified < 7.6.4unaffected
AtlassianJira Data Centerunspecified < 8.1.0affected

Weaknesses

  • Cross-Site Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References