CVE-2019-11587: CSRF
First published: Tue Aug 13 2019(Updated: )
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF).
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira | <7.13.6 | |
| Atlassian Server | >=8.0.0<8.2.3 | |
| Atlassian Server | >=8.3.0<8.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11587?
CVE-2019-11587 has been classified with a medium severity, as it allows CSRF attacks which can lead to unauthorized modifications.
How do I fix CVE-2019-11587?
To fix CVE-2019-11587, upgrade Jira to version 7.13.6 or later, or 8.2.3 or later, and ensure your server is configured to properly mitigate CSRF risks.
What versions of Jira are affected by CVE-2019-11587?
CVE-2019-11587 affects Jira versions prior to 7.13.6, and from 8.0.0 before 8.2.3 and from 8.3.0 before 8.3.2.
What type of attack is associated with CVE-2019-11587?
CVE-2019-11587 is associated with Cross-site request forgery (CSRF) attacks.
Can CVE-2019-11587 allow attackers to change settings in Jira?
Yes, CVE-2019-11587 allows remote attackers to modify various settings in Jira through CSRF.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian server
- version/atlassian server/8.0.0
- version/atlassian server/8.3.0