{"containers": {"cna": {"affected": [{"product": "Jira", "vendor": "Atlassian", "versions": [{"lessThan": "7.6.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "7.7.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.8.0", "versionType": "custom"}, {"lessThan": "7.8.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.9.0", "versionType": "custom"}, {"lessThan": "7.9.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.10.0", "versionType": "custom"}, {"lessThan": "7.10.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.11.0", "versionType": "custom"}, {"lessThan": "7.11.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.12.0", "versionType": "custom"}, {"lessThan": "7.12.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.13.0", "versionType": "custom"}, {"lessThan": "7.13.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-10-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."}], "problemTypes": [{"descriptions": [{"description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-30T09:57:01.000Z", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"name": "105751", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105751"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.atlassian.com/browse/JRASERVER-68140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2018-10-23T00:00:00", "ID": "CVE-2018-13402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira", "version": {"version_data": [{"version_affected": "<", "version_value": "7.6.9"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": "<", "version_value": "7.7.5"}, {"version_affected": ">=", "version_value": "7.8.0"}, {"version_affected": "<", "version_value": "7.8.5"}, {"version_affected": ">=", "version_value": "7.9.0"}, {"version_affected": "<", "version_value": "7.9.3"}, {"version_affected": ">=", "version_value": "7.10.0"}, {"version_affected": "<", "version_value": "7.10.3"}, {"version_affected": ">=", "version_value": "7.11.0"}, {"version_affected": "<", "version_value": "7.11.3"}, {"version_affected": ">=", "version_value": "7.12.0"}, {"version_affected": "<", "version_value": "7.12.3"}, {"version_affected": ">=", "version_value": "7.13.0"}, {"version_affected": "<", "version_value": "7.13.1"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "105751", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105751"}, {"name": "https://jira.atlassian.com/browse/JRASERVER-68140", "refsource": "CONFIRM", "url": "https://jira.atlassian.com/browse/JRASERVER-68140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:00:35.161Z"}, "title": "CVE Program Container", "references": [{"name": "105751", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105751"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-68140"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2018-13402", "datePublished": "2018-10-23T14:00:00.000Z", "dateReserved": "2018-07-06T00:00:00.000Z", "dateUpdated": "2024-09-16T17:52:50.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "25E9DDE1-F33F-4F65-A521-807D4F09C0AE", "versionEndExcluding": "7.6.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "300D871F-7128-41F1-BCC8-BE7C3687741B", "versionEndExcluding": "7.7.5", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A04E4050-271E-4D23-B988-E02D5A651386", "versionEndExcluding": "7.8.5", "versionStartIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A3C3F9E-5BDD-48F3-B45F-9B9C6D31CAE2", "versionEndExcluding": "7.9.3", "versionStartIncluding": "7.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C568973F-5079-49ED-928D-7F11C842CF4B", "versionEndExcluding": "7.10.3", "versionStartIncluding": "7.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "551A5667-1184-4E3D-9AA7-90C8D18590C3", "versionEndExcluding": "7.11.3", "versionStartIncluding": "7.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "078CC169-BA97-4F89-A9AE-05E21FC867CA", "versionEndExcluding": "7.12.3", "versionStartIncluding": "7.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0A81285-A452-4AFE-94BE-3B27014535A3", "versionEndExcluding": "7.13.1", "versionStartIncluding": "7.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability."}, {"lang": "es", "value": "Muchos recursos en Atlassian Jira en versiones anteriores a la 7.6.9, desde la versi\u00f3n 7.7.0 anterior a la 7.7.5, desde la versi\u00f3n 7.8.0 anterior a la 7.8.5, desde la versi\u00f3n 7.9.0 anterior a la 7.9.3, desde la versi\u00f3n 7.10.0 anterior a la 7.10.3, desde la versi\u00f3n 7.11.0 anterior a la 7.11.3, desde la versi\u00f3n 7.12.0 anterior a la 7.12.3 y antes de la versi\u00f3n 7.13.1 permiten que atacantes remotos ataquen a usuarios y, en algunos casos, obtengan el token Cross-Site Request Forgery (CSRF) de un usuario a trav\u00e9s de una vulnerabilidad de redirecci\u00f3n abierta."}], "id": "CVE-2018-13402", "lastModified": "2024-11-21T03:47:02.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-23T13:29:03.117", "references": [{"source": "security@atlassian.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105751"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-68140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105751"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-68140"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}