CVE-2019-20401

Name of the Vulnerable Software and Affected Versions Jira versions prior to 8.5.2

Description The issue concerns a Cross-site request forgery (CSRF) vulnerability that allows remote attackers to configure a Jira instance that has not yet finished being installed. This can be done by exploiting various installation setup resources in Jira.

Recommendations For versions prior to 8.5.2, update to version 8.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the installation setup resources to minimize the risk of exploitation.