CVE-2019-11587

Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).

Published: Aug 23, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11587
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
atlassian / jira	-	7.13.6
atlassian / jira_server	8.3.0	8.3.2
atlassian / jira_server	8.0.0	8.2.3

https://jira.atlassian.com/browse/JRASERVER-69782

Vulnerability Database

289,784

CVE-2019-11587