Cross-site request forgery in Jira Software - CVE-2017-16862

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU12770

Cross-site request forgery in Jira Software - CVE-2017-16862

Published: May 16, 2018 / Updated: May 17, 2018


Vulnerability identifier: #VU12770
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-16862
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Atlassian
Affected software:
Jira Software

Detailed vulnerability description

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and modify the "incoming mail" whitelist setting.

How to mitigate CVE-2017-16862

Update to versions 7.7.0, 7.6.2 or 7.6.3.

Sources