CVE-2016-4319

Published on: 04/09/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Jira from Atlassian contain the following vulnerability:

Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.

  • CVE-2016-4319 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

  • [JRASERVER-61803] CVE-2016-4319: /auditing/settings was vulnerable to CSRF - Create and track feature requests for Atlassian products.
    Tags: Issue Tracking
    Link: MISC jira.atlassian.com/browse/JRASERVER-61803

  • Configure Release Notes - Create and track feature requests for Atlassian products.
    Link: CONFIRM jira.atlassian.com/secure/ReleaseNote.jspa?projectId=10240&version=62034

  • Atlassian JIRA Server CVE-2016-4319 Cross Site Request Forgery Vulnerability
    Tags: Third Party Advisory, VDB Entry
    Link: BID 97517, cve.report (archive)

  • [JRASERVER-61803] CVE-2016-4319: /auditing/settings was vulnerable to CSRF - Create and track feature requests for Atlassian products.
    Link: MISC jira.atlassian.com/browse/JRA-61803

  • JIRA Core 7.1.x release notes - Atlassian Documentation
    Link: CONFIRM confluence.atlassian.com/jiracore/jira-core-7-1-x-release-notes-802161668.html#JIRACore7.1.xreleasenotes-v7.1.9v7.1.9-06July2016

Known Affected Configurations (CPE V2.3)

Type: Application
Vendor: Atlassian
Product: Jira
Version: All
Update: All
Edition: All
Language: All

  • cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*