CVE-2019-15002

Medium CVSS 4.3

Overview

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.

CWE: CWE-352 Published: 2025-02-11T18:15:18.557

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 4.3 (MEDIUM)
Detected tags: csrf (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.

Overview

Recommended tools

Tags