CVE-2019-20100
https://notcve.org/view.php?id=CVE-2019-20100
The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version 6.1.0 before version 6.1.2, from version 7.0.0 before version 7.0.2, and from version 7.1.0 before version 7.1.3. The vulnerable plugin is used by Atlassian Jira Server and Data Center before version 8.7.0. An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El plugin Atlassian Application Links es vulnerable a un ataque de tipo cross-site request forgery (CSRF). • https://ecosystem.atlassian.net/browse/APL-1390 https://jira.atlassian.com/browse/JRASERVER-70607 https://www.tenable.com/security/research/tra-2020-06 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-20099
https://notcve.org/view.php?id=CVE-2019-20099
The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componte VerifyPopServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un ataque de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70606 https://www.tenable.com/security/research/tra-2020-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-20098
https://notcve.org/view.php?id=CVE-2019-20098
The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user into making malicious HTTP requests, allowing the attacker to enumerate hosts and open ports on the internal network where Jira server is present. El componente VerifySmtpServerConnection!add.jspa en Atlassian Jira Server and Data Center anterior a versión 8.7.0, es vulnerable a un ataque de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70605 https://www.tenable.com/security/research/tra-2020-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-20405
https://notcve.org/view.php?id=CVE-2019-20405
The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request forgery (CSRF) vulnerability. El flag de monitoreo JMX en Atlassian Jira Server and Data Center antes de la versión 8.6.0, permite a atacantes remotos activar o desactivar el flag de monitoreo JMX por medio de una vulnerabilidad de tipo cross-site request forgery (CSRF). • https://jira.atlassian.com/browse/JRASERVER-70570 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-20404
https://notcve.org/view.php?id=CVE-2019-20404
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization vulnerability. La API en Atlassian Jira Server y Data Center antes de la versión 8.6.0, permite a atacantes remotos autenticados determinar los títulos de proyectos a los que no tienen acceso por medio de una vulnerabilidad de autorización inapropiada. • https://jira.atlassian.com/browse/JRASERVER-70569 •