CVE-2019-11589: CSRF
First published: Fri Aug 23 2019(Updated: )
The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Server | >=7.13.0<7.13.6 | |
| Atlassian Server | >=8.0.0<8.2.3 | |
| Atlassian Server | >=8.3.0<8.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11589?
CVE-2019-11589 is classified as a medium severity vulnerability.
How do I fix CVE-2019-11589?
To fix CVE-2019-11589, update Jira Server to version 7.13.6 or 8.2.3 and later.
Which versions are affected by CVE-2019-11589?
CVE-2019-11589 affects Jira Server versions before 7.13.6, between 8.0.0 and 8.2.3, and between 8.3.0 and 8.3.2.
What type of attack does CVE-2019-11589 allow?
CVE-2019-11589 allows remote attackers to potentially obtain a user's Cross-site request forgery (CSRF) token.
Is CVE-2019-11589 an open redirect vulnerability?
Yes, CVE-2019-11589 involves an open redirect vulnerability that enables the exploitation of users.
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian server
- version/atlassian server/7.13.0
- version/atlassian server/8.0.0
- version/atlassian server/8.3.0