Open Redirect Vulnerability in XsrfErrorAction Resource in Atlassian Jira

Open Redirect Vulnerability in XsrfErrorAction Resource in Atlassian Jira

CVE-2018-13401 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.

Learn more about our User Device Pen Test.