CVE-2018-13401

Name of the Vulnerable Software and Affected Versions Atlassian Jira versions prior to 7.6.9 Atlassian Jira versions 7.7.0 through 7.7.5 Atlassian Jira versions 7.8.0 through 7.8.5 Atlassian Jira versions 7.9.0 through 7.9.3 Atlassian Jira versions 7.10.0 through 7.10.3 Atlassian Jira versions 7.11.0 through 7.11.3 Atlassian Jira versions 7.12.0 through 7.12.3 Atlassian Jira versions prior to 7.13.1

Description The issue allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability in the XsrfErrorAction resource.

Recommendations For versions prior to 7.6.9, update to version 7.6.9 or later. For versions 7.7.0 through 7.7.5, update to version 7.7.5 or later. For versions 7.8.0 through 7.8.5, update to version 7.8.5 or later. For versions 7.9.0 through 7.9.3, update to version 7.9.3 or later. For versions 7.10.0 through 7.10.3, update to version 7.10.3 or later. For versions 7.11.0 through 7.11.3, update to version 7.11.3 or later. For versions 7.12.0 through 7.12.3, update to version 7.12.3 or later. For versions prior to 7.13.1, update to version 7.13.1 or later.