ID CVE-2019-11589
Summary The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, and in some cases obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:atlassian:jira_server:7.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:7.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:7.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:7.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:7.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:7.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:jira_server:8.3.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 25-03-2022 - 17:20)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
misc https://jira.atlassian.com/browse/JRASERVER-69780
Last major update 25-03-2022 - 17:20
Published 23-08-2019 - 14:15
Last modified 25-03-2022 - 17:20