mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-06 18:53:08 +00:00
"-Synchronized-Data."
This commit is contained in:
CVE Team
parent
8b9a2c2b30
commit
51a1754fcd
@ -1,62 +1,64 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11584",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross Site Scripting (XSS)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11584",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69785"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross Site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69785",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69785"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11585",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11585",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69784"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69784",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69784"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11586",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11586",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69783"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69783",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69783"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11587",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11587",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69782"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69782",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69782"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11588",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11588",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69781"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69781",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69781"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11589",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-11589",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.2.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69780"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69780",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69780"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,78 +1,80 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-22T00:00:00",
|
||||
"ID": "CVE-2019-14999",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Universal Plugin Manager",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.22.19",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "4.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "4.0.3",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-22T00:00:00",
|
||||
"ID": "CVE-2019-14999",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Universal Plugin Manager",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "2.22.19",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "3.0.3",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "4.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "4.0.3",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://ecosystem.atlassian.net/browse/UPM-6044"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Uninstall REST endpoint in Atlassian Universal Plugin Manager before version 2.22.19, from version 3.0.0 before version 3.0.3 and from version 4.0.0 before version 4.0.3 allows remote attackers to uninstall plugins using a Cross-Site Request Forgery (CSRF) vulnerability on an authenticated administrator."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://ecosystem.atlassian.net/browse/UPM-6044",
|
||||
"refsource": "MISC",
|
||||
"name": "https://ecosystem.atlassian.net/browse/UPM-6044"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers",
|
||||
"refsource": "MISC",
|
||||
"name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://wpvulndb.com/vulnerabilities/9392",
|
||||
"url": "https://wpvulndb.com/vulnerabilities/9392"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,70 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8444",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross Site Scripting (XSS)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8444",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.6",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69779"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross Site Scripting (XSS)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69779",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69779"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,70 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8445",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.7",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect Authorization (CWE-863)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8445",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "7.13.7",
|
||||
"version_affected": "<"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0.0",
|
||||
"version_affected": ">="
|
||||
},
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69778"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.2 allow remote attackers to view worklog time information via a missing permissions check."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect Authorization (CWE-863)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69778",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69778"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,62 +1,64 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8446",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect Authorization (CWE-863)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8446",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69777"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Incorrect Authorization (CWE-863)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69777",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69777"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -1,62 +1,64 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8447",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@atlassian.com",
|
||||
"DATE_PUBLIC": "2019-08-13T00:00:00",
|
||||
"ID": "CVE-2019-8447",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Jira",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "8.3.2",
|
||||
"version_affected": "<"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Atlassian"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69776"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery (CSRF) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-Site Request Forgery (CSRF)"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"url": "https://jira.atlassian.com/browse/JRASERVER-69776",
|
||||
"refsource": "MISC",
|
||||
"name": "https://jira.atlassian.com/browse/JRASERVER-69776"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user