Unrated severityNVD Advisory· Published Oct 23, 2018· Updated Sep 17, 2024
CVE-2018-13401
CVE-2018-13401
Description
The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=7.6.0, <7.6.9; >=7.7.0, <7.7.5; >=7.8.0, <7.8.5; >=7.9.0, <7.9.3; >=7.10.0, <7.10.3; >=7.11.0, <7.11.3; >=7.12.0, <7.12.3; <7.13.1+ 1 more
- (no CPE)range: >=7.6.0, <7.6.9; >=7.7.0, <7.7.5; >=7.8.0, <7.8.5; >=7.9.0, <7.9.3; >=7.10.0, <7.10.3; >=7.11.0, <7.11.3; >=7.12.0, <7.12.3; <7.13.1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/105751mitrevdb-entryx_refsource_BID
- jira.atlassian.com/browse/JRASERVER-68139mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.