CVE-2019-11585 - OpenCVE

The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Jira Jira Server

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:jira::::::::
	cpe:2.3:a:atlassian:jira_server::::::::
	cpe:2.3:a:atlassian:jira_server::::::::

No data.

References

Link	Providers
https://jira.atlassian.com/browse/JRASERVER-69784

History

No history.

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2019-08-23T13:49:47.527781Z

Updated: 2024-09-16T20:32:20.365Z

Reserved: 2019-04-29T00:00:00

Link: CVE-2019-11585

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-23T14:15:10.907

Modified: 2022-03-25T17:20:54.680

Link: CVE-2019-11585

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jira", "vendor": "Atlassian", "versions": [{"lessThan": "7.13.6", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.0.0", "versionType": "custom"}, {"lessThan": "8.2.3", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.3.0", "versionType": "custom"}, {"lessThan": "8.3.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."}], "problemTypes": [{"descriptions": [{"description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-23T13:49:47", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-69784"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2019-08-13T00:00:00", "ID": "CVE-2019-11585", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira", "version": {"version_data": [{"version_affected": "<", "version_value": "7.13.6"}, {"version_affected": ">=", "version_value": "8.0.0"}, {"version_affected": "<", "version_value": "8.2.3"}, {"version_affected": ">=", "version_value": "8.3.0"}, {"version_affected": "<", "version_value": "8.3.2"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-69784", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-69784"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:41.014Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JRASERVER-69784"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2019-11585", "datePublished": "2019-08-23T13:49:47.527781Z", "dateReserved": "2019-04-29T00:00:00", "dateUpdated": "2024-09-16T20:32:20.365Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "matchCriteriaId": "83940834-60F6-4C58-9F17-FF2FFFAB5AF0", "versionEndExcluding": "7.13.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F665F2DD-7C62-43CB-8FEB-2DB1521D8A87", "versionEndExcluding": "8.2.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "55DBB75B-F9FF-435E-B392-99F61ABBD6C5", "versionEndExcluding": "8.3.2", "versionStartIncluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect."}, {"lang": "es", "value": "El recurso startup.jsp en Jira antes de la versi\u00f3n 7.13.6, desde la versi\u00f3n 8.0.0 antes de la versi\u00f3n 8.2.3 y desde la versi\u00f3n 8.3.0 antes de la versi\u00f3n 8.3.2 permite a los atacantes remotos redirigir a los usuarios a un sitio web diferente que pueden usar como parte de realizar un ataque de phishing a trav\u00e9s de una redirecci\u00f3n abierta."}], "id": "CVE-2019-11585", "lastModified": "2022-03-25T17:20:54.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-23T14:15:10.907", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-69784"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}