CSRF Vulnerability in Atlassian JIRA Server Affecting Multiple Versions
CVE-2016-4319

8.8HIGH

Key Information:

Vendor

Atlassian
Status
Atlassian Jira Server Before 7.1.9
Vendor
CVE Published:
10 April 2017

What is CVE-2016-4319?

Atlassian JIRA Server prior to version 7.1.9 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that could allow attackers to perform malicious actions on behalf of authenticated users without their consent. This vulnerability exists in the auditing/settings component of the application. Users are recommended to upgrade to the latest version to mitigate exposure and ensure secure operations. For more information on this vulnerability and its impacts, visit the Atlassian release notes and relevant security advisories.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Atlassian JIRA Server before 7.1.9 Atlassian JIRA Server before 7.1.9

References

http://www.securityfocus.com/bid/97517
vdb-entryx_refsource_BID
https://jira.atlassian.com/secure/ReleaseNote.jspa?projec...
x_refsource_CONFIRM
https://jira.atlassian.com/browse/JRASERVER-61803
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.