Headline
CVE-2019-14998: [JRASERVER-69791] "Cookie Tossing" CSRF weakness against subdomains
Details
Type: Bug
Priority: Low
Resolution: Fixed
Affects Version/s: 7.6.4, 8.2.1
Labels:
- CVE-2019-14998
- advisory
- advisory-released
- bugbounty
- cisco-talos
- csrf
- cvss-medium
- security
Fixed in Long Term Support Release/s:
Introduced in Version:
7.06
Symptom Severity:
Severity 2 - Major
Description
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via “cookie tossing” a CSRF cookie from a subdomain of a Jira instance.
Dates
Created:
12/Aug/2019 2:42 AM
Updated:
24/Nov/2020 6:50 PM
Resolved:
12/Aug/2019 2:42 AM