CVE-2019-14998: [JRASERVER-69791] "Cookie Tossing" CSRF weakness against subdomains - CVE-2019-14998

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via “cookie tossing” a CSRF cookie from a subdomain of a Jira instance.

Details

  • Type: Bug
  • Priority: Low
  • Resolution: Fixed
  • Affects Version/s: 7.6.4, 8.2.1
  • Labels:
    • CVE-2019-14998
    • advisory
    • advisory-released
    • bugbounty
    • cisco-talos
    • csrf
    • cvss-medium
    • security
  • Fixed in Long Term Support Release/s:
  • Introduced in Version: 7.06
  • Symptom Severity: Severity 2 - Major

Dates

  • Created: 12/Aug/2019 2:42 AM
  • Updated: 24/Nov/2020 6:50 PM
  • Resolved: 12/Aug/2019 2:42 AM
