{"api_version":"1","generated_at":"2026-05-12T17:24:32+00:00","cve":"CVE-2018-5231","urls":{"html":"https://cve.report/CVE-2018-5231","api":"https://cve.report/api/cve/CVE-2018-5231.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-5231","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-5231"},"summary":{"title":"CVE-2018-5231","description":"The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.","state":"PUBLIC","assigner":"security@atlassian.com","published_at":"2018-05-16 13:29:00","updated_at":"2022-03-25 17:22:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-67290","name":"https://jira.atlassian.com/browse/JRASERVER-67290","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"[JRASERVER-67290] Denial of service through the ForgotLoginDetails resource - CVE-2018-5231 - Create and track feature requests for Atlassian products.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104205","name":"104205","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Atlassian JIRA CVE-2018-5231 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-5231","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5231","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"5231","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"jira","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5231","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"jira","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5231","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"atlassian","cpe5":"jira_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@atlassian.com","DATE_PUBLIC":"2018-05-16T00:00:00","ID":"CVE-2018-5231","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Jira","version":{"version_data":[{"version_affected":"<","version_value":"7.6.6"},{"version_affected":">=","version_value":"7.7.0"},{"version_affected":"<","version_value":"7.7.4"},{"version_affected":">=","version_value":"7.8.0"},{"version_affected":"<","version_value":"7.8.4"},{"version_affected":">=","version_value":"7.9.0"},{"version_affected":"<","version_value":"7.9.2"}]}}]},"vendor_name":"Atlassian"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service"}]}]},"references":{"reference_data":[{"name":"104205","refsource":"BID","url":"http://www.securityfocus.com/bid/104205"},{"name":"https://jira.atlassian.com/browse/JRASERVER-67290","refsource":"CONFIRM","url":"https://jira.atlassian.com/browse/JRASERVER-67290"}]}},"nvd":{"publishedDate":"2018-05-16 13:29:00","lastModifiedDate":"2022-03-25 17:22:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"7.6.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.9.0","versionEndExcluding":"7.9.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.0","versionEndExcluding":"7.8.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"5231","Ordinal":"121188","Title":"CVE-2018-5231","CVE":"CVE-2018-5231","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"5231","Ordinal":"1","NoteData":"The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to perform a denial of service attack via sending requests to it.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"5231","Ordinal":"2","NoteData":"2018-05-16","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"5231","Ordinal":"3","NoteData":"2018-05-20","Type":"Other","Title":"Modified"}]}}}