Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability.

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.6.10, 7.7.0 prior to 7.12.4 or 7.13.0 prior to 7.13.1. It is, therefore, affected by multiple vulnerabilities.

- A vulnerability in the two-dimensional filter gadget which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard (CVE-2018-13403).

- A flaw in many resources which would permit remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability (CVE-2018-13402).

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
113801	Atlassian Jira 7.13.0 < 7.13.1 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
113800	Atlassian Jira 7.7.0 < 7.12.4 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
113799	Atlassian Jira < 7.6.10 Multiple Vulnerabilities	Web App Scanning	Component Vulnerability	medium
118713	Atlassian JIRA XSRF, Open Redirect, and Access Control Bypass Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2018-13402

medium

Tenable Plugins

medium

medium

medium

medium