
{
"id": "CVE-2019-11589",
"sourceIdentifier": "security@atlassian.com",
"published": "2019-08-23T14:15:11.407",
"lastModified": "2024-11-21T04:21:23.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases to obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability."
},
{
"lang": "es",
"value": "El recurso ChangeSharedFilterOwner en Jira antes de la versi\u00f3n 7.13.6, desde la versi\u00f3n 8.0.0 antes de la versi\u00f3n 8.2.3, y desde la versi\u00f3n 8.3.0 antes de la versi\u00f3n 8.3.2 permite que atacantes remotos ataquen a los usuarios y, en algunos casos, obtengan el token de falsificaci\u00f3n de solicitud entre sitios (CSRF) de un usuario, a trav\u00e9s de una vulnerabilidad de redireccionamiento abierto."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"baseScore": 5.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.13.0",
"versionEndExcluding": "7.13.6",
"matchCriteriaId": "2FED3DB9-E64F-4E15-B91A-03B408E4EA4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.2.3",
"matchCriteriaId": "F665F2DD-7C62-43CB-8FEB-2DB1521D8A87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "8.3.2",
"matchCriteriaId": "55DBB75B-F9FF-435E-B392-99F61ABBD6C5"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-69780",
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://jira.atlassian.com/browse/JRASERVER-69780",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}