CVE-2023-30607

Name of the Vulnerable Software and Affected Versions icingaweb2-module-jira versions 1.3.0 through 1.3.2

Description The issue affects the integration with Atlassian Jira, where template and field configuration forms perform deletion actions before validating user input, including the cross-site request forgery token. This allows for potential unauthorized actions. The problem is fixed in version 1.3.2.

Recommendations For versions 1.3.0 through 1.3.1, update to version 1.3.2 to resolve the issue. For version 1.3.2, no action is required as this version already contains the fix.