CVE-2019-11588: CSRF
First published: Tue Aug 13 2019(Updated: )
The ViewSystemInfo class doGarbageCollection method in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to trigger garbage collection via a Cross-site request forgery (CSRF) vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira | <7.13.6 | |
| Atlassian Server | >=8.0.0<8.2.3 | |
| Atlassian Server | >=8.3.0<8.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11588?
CVE-2019-11588 is classified as a medium severity vulnerability due to its potential impact on system functionality.
How do I fix CVE-2019-11588?
To fix CVE-2019-11588, upgrade Jira to version 7.13.6 or versions 8.2.3 and 8.3.2 or later.
Who is affected by CVE-2019-11588?
CVE-2019-11588 affects users of Jira versions prior to 7.13.6, 8.2.3, and 8.3.2.
What type of attack does CVE-2019-11588 involve?
CVE-2019-11588 involves a Cross-site request forgery (CSRF) attack that allows remote exploitation.
What is the consequence of exploiting CVE-2019-11588?
Exploiting CVE-2019-11588 allows attackers to trigger garbage collection, which can affect the performance and stability of the Jira application.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian server
- version/atlassian server/8.0.0
- version/atlassian server/8.3.0