CVE-2018-13402

Name of the Vulnerable Software and Affected Versions Atlassian Jira versions 7.6.8 and earlier Atlassian Jira versions 7.7.0 through 7.7.4 Atlassian Jira versions 7.8.0 through 7.8.4 Atlassian Jira versions 7.9.0 through 7.9.2 Atlassian Jira versions 7.10.0 through 7.10.2 Atlassian Jira versions 7.11.0 through 7.11.2 Atlassian Jira versions 7.12.0 through 7.12.2 Atlassian Jira version 7.13.0

Description The issue allows remote attackers to attack users, in some cases obtaining a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability. This can potentially lead to unauthorized actions on behalf of the user.

Recommendations For Atlassian Jira version 7.6.8 and earlier, update to version 7.6.9 or later. For Atlassian Jira versions 7.7.0 through 7.7.4, update to version 7.7.5 or later. For Atlassian Jira versions 7.8.0 through 7.8.4, update to version 7.8.5 or later. For Atlassian Jira versions 7.9.0 through 7.9.2, update to version 7.9.3 or later. For Atlassian Jira versions 7.10.0 through 7.10.2, update to version 7.10.3 or later. For Atlassian Jira versions 7.11.0 through 7.11.2, update to version 7.11.3 or later. For Atlassian Jira versions 7.12.0 through 7.12.2, update to version 7.12.3 or later. For Atlassian Jira version 7.13.0, update to version 7.13.1 or later.