CVE-2018-13402

Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

Published: Oct 23, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-13402
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.6.9
atlassian / jira_server	7.11.0	7.11.3
atlassian / jira_server	7.12.0	7.12.3
atlassian / jira_server	7.13.0	7.13.1
atlassian / jira_server	7.10.0	7.10.3
atlassian / jira_server	7.7.0	7.7.5
atlassian / jira_server	7.9.0	7.9.3
atlassian / jira_server	7.8.0	7.8.5

Vulnerability Database

289,784

CVE-2018-13402