CVE-2018-13401

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Published: Oct 23, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-13401
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.6.9
atlassian / jira_server	7.11.0	7.11.3
atlassian / jira_server	7.12.0	7.12.3
atlassian / jira_server	7.13.0	7.13.1
atlassian / jira_server	7.10.0	7.10.3
atlassian / jira_server	7.7.0	7.7.5
atlassian / jira_server	7.9.0	7.9.3
atlassian / jira_server	7.8.0	7.8.5

Vulnerability Database

289,782

CVE-2018-13401