Vulnerability in Atlassian Jira Data Center
CVE-2019-15002
An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. The login form doesn’t require a CSRF token. As a result, an attacker can log a user into the system under an unexpected account.
EPSS: 0.002 (35.9th percentile)
Affected products
- Atlassian Jira Data Center — versions unspecified
- Atlassian Jira Server — versions unspecified
References
- jira.atlassian.com/browse/JRASERVER-67979 (x_refsource_MISC)