CVE-2019-15002
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
11/02/2025
Last modified:
13/03/2025
Description
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM