CVE-2019-20415

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
30/06/2020
Last modified:
30/03/2022

Description

Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* 7.13.3 (excluding)
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* 8.0.0 (including) 8.1.0 (excluding)
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* 8.0.0 (including) 8.1.0 (excluding)
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*:* 7.13.3 (excluding)


References to Advisories, Solutions, and Tools